
Jeffrey James Stapleton - Security Without Obscurity: A Guide to Cryptographic Architectures


  • Book:
    Security Without Obscurity: A Guide to Cryptographic Architectures
  • Publisher:
    Auerbach Publications
  • Year:
    2018

Security Without Obscurity: A Guide to Cryptographic Architectures: summary, description and annotation


Information security has a major gap when cryptography is implemented. Cryptographic algorithms are well defined, key management schemes are well known, but the actual deployment is typically overlooked, ignored, or unknown. Cryptography is everywhere. Application and network architectures are typically well-documented but the cryptographic architecture is missing. This book provides a guide to discovering, documenting, and validating cryptographic architectures. Each chapter builds on the next to present information in a sequential process. This approach not only presents the material in a structured manner, it also serves as an ongoing reference guide for future use.


Security without Obscurity

A Guide to Cryptographic Architectures

J. J. Stapleton

Published in 2019 by CRC Press

Taylor & Francis Group

6000 Broken Sound Parkway NW, Suite 300

Boca Raton, FL 33487-2742

© 2019 by Taylor & Francis Group, LLC

CRC Press is an imprint of Taylor & Francis Group

No claim to original U.S. Government works

Printed in the United States of America on acid-free paper

10 9 8 7 6 5 4 3 2 1

International Standard Book Number-13: 978-0-8153-9641-3 (hardback)

This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the author and the publisher cannot assume responsibility for the validity of all materials or for the consequences of their use.

No part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at

www.taylorandfrancis.com

and the CRC Press Web site at

www.crcpress.com

Contents

This is the third book in the Security without Obscurity series. The first installment was my first book done on my very own. Previously, I had written articles and chapters for other people's books but not my own. The second book came about because of my collaboration with Clay Epstein and our decision to write a book together, and inadvertently created the series. At that time, I had no particular plans for a third book. The genesis for this book had several origins.

First, during my career, many times I have had to ferret out the cryptographic details for products, applications, and networks. From a crypto perspective, understanding the journalistic questions: who, what, why, where, when, and how is a critical aspect of information security. Too often the information is difficult to ascertain; misinformation and disinformation are not helpful. For example, vendors or service providers might be reluctant to reveal details, developers might have unreliable data, or product specifications are obsolete.

Further, vendors and service providers undergo mergers and acquisitions. Knowledge is often lost when employees or contractors depart. Product lines might be decommissioned and no longer supported. Products might not be updated and run with aging software. Product documentation might be dated or contain mistakes. Marketing sometimes makes unsubstantiated claims that are difficult to verify.

Second, the ability to conduct a security assessment in a reluctant or adversarial situation requires a set of skills that can only be learned by experience. However, there are dependable processes that can provide consistent results. Over the years, things to do and things not to do are included in lessons learned. These same processes work just as well for enthusiastic conditions. This book has an entire chapter on performing risk assessments.

Third, I published the article "Cryptographic Architectures: Missing in Action" in the July 2017 ISSA Journal. The article was on the journal cover, and it was republished in the Best Articles of 2017 in the January 2018 ISSA Journal. However, there was so much that I could have discussed, but a six-page article can only provide a limited amount of information. I provided the article to my publisher, and he agreed the topic would make another good book.

On another note, the ISSA article and this book refer to simple applications or network diagrams as "cartoons." I personally credit Don Provencher, a former colleague at Bank of America, with coining the term "cartoon" when referring to simplistic diagrams. Don was extremely knowledgeable about network architectures and was able to educate even me. We all miss you, Don.

In the first book, I mentioned my long-term participation with X9 standards. My participation and chairing the X9F4 workgroup endures to this day. The X9F4 program of work continues to grow with new standards and technical reports. Meanwhile, I continue to have a day job, work on X9 standards, and write this book. All of this with the loving support from my wife, Linda, and everyone still likes her best.

J. J. Stapleton has been involved with cryptography, public key infrastructure (PKI), key management, and numerous other information security technologies since 1989 when he attended his first Accredited Standards Committee X9 work-group meeting. He has continued his X9 membership across many employers and has been chair of the X9F4 cryptographic protocol and application security work-group since 1998.

Jeff began as a software engineer at Citi Information Resources in 1982 when he was still working on his bachelor's of science in computer science from the University of Missouri–St. Louis (UMSL).

Jeff continued his career as a developer at MasterCard in 1984, managed developers on card payments applications, and began working on his master's of science in computer science from the University of Missouri–Rolla (UMR, now renamed Missouri Science and Technology). He also began his long-term X9 affiliation.

Jeff was assigned the design and development of a key management service (KMS) for the MasterCard network Banknet. The KMS was literally 24 hours from going live in production when a strategic decision to replace the then-current IBM Series/1 minicomputers with a to-be-determined platform delayed the KMS project. He was able to take advantage of the experience by writing his thesis: Network Key Management in a Large Distributed Network, J. J. Stapleton, 1992, a thesis presented to the faculty of the Graduate School of UMR approved by Daniel C. St. Clair, Chaman L. Sabharwal, and James Hahn.

He actively participated in the development of the X9 technical guideline TG-3 personal identification number (PIN) Security Compliance Guideline (renumbered as technical report TR-39). The guideline provides evaluation criteria based on industry standards (X9.8 and X9.24) that defined security requirements for handling PINs and associated cryptographic keys. TG-3 was adopted by many payment networks for a biennial security assessment for interoperability.

Another accomplishment was his involvement in the development of the Secure Electronic Transaction (SET) specification, a joint venture between Visa and MasterCard for online card payments. As part of the SET project, he also worked with Netscape in their development of the Secure Socket Layer Protocol.
