This book is a detailed methodology of performing a security assessment. The book emphasizes the approach of first understanding the business and then the technology that supports it. It focuses on fundamental process areas of security and provides a methodology for security practitioners to uncover security weaknesses in other existing business processes. With the emphasis on the business driving security, this book presents a standard methodology for performing a security assessment as well as the reasons for doing it that way. It also provides checklists for process-oriented areas of information security to provide detailed guidance that can be used in performing a security assessment.

GAME THEORY AND MACHINE LEARNING FOR CYBER SECURITY Move beyond the foundations of machine learning and game theory in cyber security to the latest research in this cutting-edge field In Game Theory and Machine Learning for Cyber Security, a team of expert security researchers delivers a collection of central research contributions from both machine learning and game theory applicable to cybersecurity. The distinguished editors have included resources that address open research questions in game theory and machine learning applied to cyber security systems and examine the strengths and limitations of current game theoretic models for cyber security. Readers will explore the vulnerabilities of traditional machine learning algorithms and how they can be mitigated in an adversarial machine learning approach. The book offers a comprehensive suite of solutions to a broad range of technical issues in applying game theory and machine learning to solve cyber security challenges. Beginning with an introduction to foundational concepts in game theory, machine learning, cyber security, and cyber deception, the editors provide readers with resources that discuss the latest in hypergames, behavioral game theory, adversarial machine learning, generative adversarial networks, and multi-agent reinforcement learning. Readers will also enjoy: A thorough introduction to game theory for cyber deception, including scalable algorithms for identifying stealthy attackers in a game theoretic framework, honeypot allocation over attack graphs, and behavioral games for cyber deception An exploration of game theory for cyber security, including actionable game-theoretic adversarial intervention detection against advanced persistent threats Practical discussions of adversarial machine learning for cyber security, including adversarial machine learning in 5G security and machine learning-driven fault injection in cyber-physical systems In-depth examinations of generative models for cyber security Perfect for researchers, students, and experts in the fields of computer science and engineering, Game Theory and Machine Learning for Cyber Security is also an indispensable resource for industry professionals, military personnel, researchers, faculty, and students with an interest in cyber security.

The definitive text for students of digital forensics, as well as professionals looking to deepen their understanding of an increasingly critical field Written by faculty members and associates of the world-renowned Norwegian Information Security Laboratory (NisLab) at the Norwegian University of Science and Technology (NTNU), this textbook takes a scientific approach to digital forensics ideally suited for university courses in digital forensics and information security. Each chapter was written by an accomplished expert in his or her field, many of them with extensive experience in law enforcement and industry. The author team comprises experts in digital forensics, cybercrime law, information security and related areas. Digital forensics is a key competency in meeting the growing risks of cybercrime, as well as for criminal investigation generally. Considering the astonishing pace at which new information technology and new ways of exploiting information technology is brought on line, researchers and practitioners regularly face new technical challenges, forcing them to continuously upgrade their investigatory skills. Designed to prepare the next generation to rise to those challenges, the material contained in Digital Forensics has been tested and refined by use in both graduate and undergraduate programs and subjected to formal evaluations for more than ten years. * Encompasses all aspects of the field, including methodological, scientific, technical and legal matters * Based on the latest research, it provides novel insights for students, including an informed look at the future of digital forensics * Includes test questions from actual exam sets, multiple choice questions suitable for online use and numerous visuals, illustrations and case example images * Features real-word examples and scenarios, including court cases and technical problems, as well as a rich library of academic references and references to online media Digital Forensics is an excellent introductory text for programs in computer science and computer engineering and for master degree programs in military and police education. It is also a valuable reference for legal practitioners, police officers, investigators, and forensic practitioners seeking to gain a deeper understanding of digital forensics and cybercrime.

RC4 Stream Cipher and Its Variants is the first book to fully cover the popular software stream cipher RC4. With extensive expertise in stream cipher cryptanalysis and RC4 research, the authors focus on the analysis and design issues of RC4. They also explore variants of RC4 and the eSTREAM finalist HC-128. After an introduction to the vast field of cryptology, the book reviews hardware and software stream ciphers and describes RC4. It presents a theoretical analysis of RC4 KSA, discussing biases of the permutation bytes toward secret key bytes and absolute values. The text explains how to reconstruct the secret key from known state information and analyzes the RC4 PRGA in detail, including a sketch of state recovery attacks. The book then describes three popular attacks on RC4: distinguishing attacks, Wired Equivalent Privacy (WEP) protocol attacks, and fault attacks. The authors also compare the advantages and disadvantages of several variants of RC4 and examine stream cipher HC-128, which is the next level of evolution after RC4 in the software stream cipher paradigm. The final chapter emphasizes the safe use of RC4. With open research problems in each chapter, this book offers a complete account of the most current research on RC4.

Die Praxis zeigt, dass bei der Entwicklung groAer, komplexer Softwaresysteme Sicherheitsaspekte oft gar nicht oder erst sehr spAt berA1/4cksichtigt werden. IT-Security-Spezialisten werden in die Entwicklung neuer Systeme oft nicht eingebunden, und Softwareentwicklern fehlt hAufig das Bewusstsein fA1/4r Sicherheitsprobleme und die nAtigen Detailkenntnisse, vorhandene LAsungen richtig einzusetzen. Hier setzt das Buch an und schlAgt eine BrA1/4cke von der Softwaresicht zu mehr netzwerkorientierten Aspekten der Internet-Security. Ziel der Autoren ist es, bei Entwicklern und Projektleitern ein grundlegendes Sicherheitsbewusstsein zu schaffen und ihnen einen Leitfaden fA1/4r den Bau sicherer verteilter Systeme an die Hand zu geben. Sicherheitsprobleme werden anhand konkreter Beispiele diskutiert und passende LAsungen aufgezeigt.

Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling-and relentless.
In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft(r) SQL Server
* Learn the best defenses for IBM's DB2(r), PostgreSQL, Sybase ASE, and MySQL(r) servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know
Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts, and programs available for download.

This book is a timely report of the state-of-the-art analytical techniques in the domain of quantum algorithms related to Boolean functions. It bridges the gap between recent developments in the area and the hands-on analysis of the spectral properties of Boolean functions from a cryptologic viewpoint. Topics covered in the book include Qubit, Deutsch-Jozsa and Walsh spectrum, Grover's algorithm, Simon's algorithm and autocorrelation spectrum. The book aims at encouraging readers to design and implement practical algorithms related to Boolean functions. Apart from combinatorial techniques, this book considers implementing related programs in a quantum computer. Researchers, practitioners and educators will find this book valuable.

The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

Cryptographic Boolean Functions and Applications, Second Edition is designed to be a comprehensive reference for the use of Boolean functions in modern cryptography. While the vast majority of research on cryptographic Boolean functions has been achieved since the 1970s, when cryptography began to be widely used in everyday transactions, in particular banking, relevant material is scattered over hundreds of journal articles, conference proceedings, books, reports and notes, some of them only available online. This book follows the previous edition in sifting through this compendium and gathering the most significant information in one concise reference book. The work therefore encompasses over 600 citations, covering every aspect of the applications of cryptographic Boolean functions. Since 2008, the subject has seen a very large number of new results, and in response, the authors have prepared a new chapter on special functions. The new edition brings 100 completely new references and an expansion of 50 new pages, along with heavy revision throughout the text.

Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly improved security environments. Part I delivers an overview of information systems security, providing historical perspectives and explaining how to determine the value of information. This section offers the basic underpinnings of information security and concludes with an overview of the risk management process. Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems. Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.

This comprehensive text/reference presents an in-depth review of the state of the art of automotive connectivity and cybersecurity with regard to trends, technologies, innovations, and applications. The text describes the challenges of the global automotive market, clearly showing where the multitude of innovative activities fit within the overall effort of cutting-edge automotive innovations, and provides an ideal framework for understanding the complexity of automotive connectivity and cybersecurity. Topics and features: discusses the automotive market, automotive research and development, and automotive electrical/electronic and software technology; examines connected cars and autonomous vehicles, and methodological approaches to cybersecurity to avoid cyber-attacks against vehicles; provides an overview on the automotive industry that introduces the trends driving the automotive industry towards smart mobility and autonomous driving; reviews automotive research and development, offering background on the complexity involved in developing new vehicle models; describes the technologies essential for the evolution of connected cars, such as cyber-physical systems and the Internet of Things; presents case studies on Car2Go and car sharing, car hailing and ridesharing, connected parking, and advanced driver assistance systems; includes review questions and exercises at the end of each chapter. The insights offered by this practical guide will be of great value to graduate students, academic researchers and professionals in industry seeking to learn about the advanced methodologies in automotive connectivity and cybersecurity.

"Blockchains will matter crucially; this book, beautifully and clearly written for a wide audience, powerfully demonstrates how." -Lawrence Lessig "Attempts to do for blockchain what the likes of Lawrence Lessig and Tim Wu did for the Internet and cyberspace-explain how a new technology will upend the current legal and social order... Blockchain and the Law is not just a theoretical guide. It's also a moral one." -Fortune Bitcoin has been hailed as an Internet marvel and decried as the preferred transaction vehicle for criminals. It has left nearly everyone without a computer science degree confused: how do you "mine" money from ones and zeros? The answer lies in a technology called blockchain. A general-purpose tool for creating secure, decentralized, peer-to-peer applications, blockchain technology has been compared to the Internet in both form and impact. Blockchains are being used to create "smart contracts," to expedite payments, to make financial instruments, to organize the exchange of data and information, and to facilitate interactions between humans and machines. But by cutting out the middlemen, they run the risk of undermining governmental authorities' ability to supervise activities in banking, commerce, and the law. As this essential book makes clear, the technology cannot be harnessed productively without new rules and new approaches to legal thinking. "If you...don't 'get' crypto, this is the book-length treatment for you." -Tyler Cowen, Marginal Revolution "De Filippi and Wright stress that because blockchain is essentially autonomous, it is inflexible, which leaves it vulnerable, once it has been set in motion, to the sort of unforeseen consequences that laws and regulations are best able to address." -James Ryerson, New York Times Book Review

Group theoretic problems have propelled scientific achievements across a wide range of fields, including mathematics, physics, chemistry, and the life sciences. Many cryptographic constructions exploit the computational hardness of group theoretical problems, and the area is viewed as a potential source of quantum-resilient cryptographic primitives for the future. Group Theoretic Cryptography supplies an ideal introduction to cryptography for those who are interested in group theory and want to learn about the possible interplays between the two fields. Assuming an undergraduate-level understanding of linear algebra and discrete mathematics, it details the specifics of using non-Abelian groups in the field of cryptography. Moreover, the book evidences how group theoretic techniques help us gain new insight into well known, seemingly unrelated, cryptographic constructions, such as DES. The book starts with brief overviews of the fundamentals of group theory, complexity theory, and cryptography. Part two is devoted to public-key encryption, including provable security guarantees, public-key encryption in the standard model, and public-key encryption using infinite groups. The third part of the book covers secret-key encryption. It examines block ciphers, like the Advanced Encryption Standard, and cryptographic hash functions and message authentication codes. The last part delves into a number of cryptographic applications which are nowadays as relevant as encryption-identification protocols, key establishment, and signature schemes are covered. The book supplies formal security analyses and highlights potential vulnerabilities for cryptographic constructions involving group theory. Summaries and references for further reading, as well as exercises, are included at the end of each chapter. Selected solutions for exercises are provided in the back of the book.

In the digital world, the need to protect communications increases every day. While traditional digital encryption methods are useful, there are many other options for hiding your information. "Information Hiding in Speech Signals for Secure Communication" provides a number of methods to hide secret speech information using a variety of digital speech coding standards. Professor Zhijun Wu has conducted years of research in the field of speech information hiding, and brings his state-of-the-art techniques to readers of this book, including a mathematical model for information hiding, the core concepts of secure speech communication, the ABS-based information hiding algorithm, and much more.

This book shows how to implement a secure speech communication system, including applications to various network security states. Readers will find information hiding algorithms and techniques (embedding and extracting) that are capable of withstanding the advanced forms of attack. The book presents concepts and applications for all of the most widely used speech coding standards, including G.711, G.721, G.728, G.729 and GSM, along with corresponding hiding and extraction algorithms. Readers will also learn how to use a speech covert communication system over an IP network as well as a speech secure communication system applied in PSTN.
Presents information hiding theory and the mathematical model used for information hiding in speech.Provides a number of methods to hide secret speech information using the most common digital speech coding standards.A combination of practice and theory enables programmers and system designers not only to implement tried and true encryption procedures, but also to consider probable future developments in their designs.

From the exciting history of its development in ancient times to the present day, Introduction to Cryptography with Mathematical Foundations and Computer Implementations provides a focused tour of the central concepts of cryptography. Rather than present an encyclopedic treatment of topics in cryptography, it delineates cryptographic concepts in chronological order, developing the mathematics as needed.

Written in an engaging yet rigorous style, each chapter introduces important concepts with clear definitions and theorems. Numerous examples explain key points while figures and tables help illustrate more difficult or subtle concepts. Each chapter is punctuated with "Exercises for the Reader;" complete solutions for these are included in an appendix. Carefully crafted exercise sets are also provided at the end of each chapter, and detailed solutions to most odd-numbered exercises can be found in a designated appendix. The computer implementation section at the end of every chapter guides students through the process of writing their own programs. A supporting website provides an extensive set of sample programs as well as downloadable platform-independent applet pages for some core programs and algorithms.

As the reliance on cryptography by business, government, and industry continues and new technologies for transferring data become available, cryptography plays a permanent, important role in day-to-day operations. This self-contained sophomore-level text traces the evolution of the field, from its origins through present-day cryptosystems, including public key cryptography and elliptic curve cryptography.

Developing solid, thorough infrastructure security assessments in diverse sectors

Drawing on the collective experience of many experts, this definitive reference presents the best methods, techniques, and measurements to help security analysts conduct objective security assessments. It helps readers understand advanced security assessment concepts in today's high-risk world and identify, measure, and prioritize security risks. A comprehensive, practical guide, this resource:

Describes a practical, proven approach that has been used in over 3,000 security assessments in thirty countries

Features three primary sections: an introduction that helps analysts understand today's challenging environment; an overview of security assessment methodology broken down into five specific elements; and details on tailoring the methodology to specific industries

Defines the purpose of the security assessment process, the behavioral and physical sciences brought into play, the techniques used, and measurement and evaluation tools and standards

Presents an S3E comprehensive, system-integrated methodology supported by user-friendly, step-by-step guidance that is complemented by a series of S3E Security Assessment Methodology matrices

Includes chapters dedicated to specific infrastructure sectors: water; energy; transportation; chemical industry and hazardous materials; agriculture and food; banking and finance; and telecommunications

Provides worksheets that facilitate the cataloging and documenting of research data

This book gives consultants, security practitioners, corporate security managers and directors, and others a reliable, hands-on "briefcase" reference to use in theoffice as well as in the field. It's also an ideal text for upper-level students in related courses.

Cryptography is a vital technology that underpins the security of information in computer networks. This book presents a comprehensive introduction to the role that cryptography plays in providing information security for everyday technologies such as the Internet, mobile phones, Wi-Fi networks, payment cards, Tor, and Bitcoin. This book is intended to be introductory, self-contained, and widely accessible. It is suitable as a first read on cryptography. Almost no prior knowledge of mathematics is required since the book deliberately avoids the details of the mathematics techniques underpinning cryptographic mechanisms. Instead our focus will be on what a normal user or practitioner of information security needs to know about cryptography in order to understand the design and use of everyday cryptographic applications. By focusing on the fundamental principles of modern cryptography rather than the technical details of current cryptographic technology, the main part this book is relatively timeless, and illustrates the application of these principles by considering a number of contemporary applications of cryptography. Following the revelations of former NSA contractor Edward Snowden, the book considers the wider societal impact of use of cryptography and strategies for addressing this. A reader of this book will not only be able to understand the everyday use of cryptography, but also be able to interpret future developments in this fascinating and crucially important area of technology.

Would your company be prepared in the event of:
* Computer-driven espionage
* A devastating virus attack
* A hacker's unauthorized access
* A breach of data security?
As the sophistication of computer technology has grown, so has the rate of computer-related criminal activity. Subsequently, American corporations now lose billions of dollars a year to hacking, identity theft, and other computer attacks. More than ever, businesses and professionals responsible for the critical data of countless customers and employees need to anticipate and safeguard against computer intruders and attacks.
The first book to successfully speak to the nontechnical professional in the fields of business and law on the topic of computer crime, Computer Forensics: An Essential Guide for Accountants, Lawyers, and Managers provides valuable advice on the hidden difficulties that can blindside companies and result in damaging costs.
Written by industry expert Michael Sheetz, this important book provides readers with an honest look at the computer crimes that can annoy, interrupt--and devastate--a business. Readers are equipped not only with a solid understanding of how computers facilitate fraud and financial crime, but also how computers can be used to investigate, prosecute, and prevent these crimes.
If you want to know how to protect your company from computer crimes but have a limited technical background, this book is for you. Get Computer Forensics: An Essential Guide for Accountants, Lawyers, and Managers and get prepared.

There is no such thing as "perfect security" when it comes to keeping all systems intact and functioning properly. Good penetration (pen) testing creates a balance that allows a system to be secure while simultaneously being fully functional. With this book, you'll learn how to become an effective penetrator (i.e., a white hat or ethical hacker) in order to circumvent the security features of a Web application so that those features can be accurately evaluated and adequate security precautions can be put in place.
After a review of the basics of web applications, you'll be introduced to web application hacking concepts and techniques such as vulnerability analysis, attack simulation, results analysis, manuals, source code, and circuit diagrams. These web application hacking concepts and techniques will prove useful information for ultimately securing the resources that need your protection.
What you will learn from this book
* Surveillance techniques that an attacker uses when targeting a system for a strike
* Various types of issues that exist within the modern day web application space
* How to audit web services in order to assess areas of risk and exposure
* How to analyze your results and translate them into documentation that is useful for remediation
* Techniques for pen-testing trials to practice before a live project
Who this book is for
This book is for programmers, developers, and information security professionals who want to become familiar with web application security and how to audit it.
Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.

The four-volume proceedings LNCS 13791, 13792, 13793, and 13794 constitute the proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022, held in Taipei, Taiwan, during December 5-9, 2022. The total of 98 full papers presented in these proceedings was carefully reviewed and selected from 364 submissions. The papers were organized in topical sections as follows: Part I: Award papers; functional and witness encryption; symmetric key cryptanalysis; multiparty computation; real world protocols; and blockchains and cryptocurrencies. Part II: Isogeny based cryptography; homomorphic encryption; NIZK and SNARKs; non interactive zero knowledge; and symmetric cryptography. Part III: Practical cryptography; advanced encryption; zero knowledge; quantum algorithms; lattice cryptoanalysis. Part IV: Signatures; commitments; theory; cryptoanalysis; and quantum cryptography.

The four-volume proceedings LNCS 13791, 13792, 13793, and 13794 constitute the proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022, held in Taipei, Taiwan, during December 5-9, 2022. The total of 98 full papers presented in these proceedings was carefully reviewed and selected from 364 submissions. The papers were organized in topical sections as follows: Part I: Award papers; functional and witness encryption; symmetric key cryptanalysis; multiparty computation; real world protocols; and blockchains and cryptocurrencies. Part II: Isogeny based cryptography; homomorphic encryption; NIZK and SNARKs; non interactive zero knowledge; and symmetric cryptography. Part III: Practical cryptography; advanced encryption; zero knowledge; quantum algorithms; lattice cryptoanalysis. Part IV: Signatures; commitments; theory; cryptoanalysis; and quantum cryptography.

The four-volume proceedings LNCS 13791, 13792, 13793, and 13794 constitute the proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022, held in Taipei, Taiwan, during December 5-9, 2022. The total of 98 full papers presented in these proceedings was carefully reviewed and selected from 364 submissions. The papers were organized in topical sections as follows: Part I: Award papers; functional and witness encryption; symmetric key cryptanalysis; multiparty computation; real world protocols; and blockchains and cryptocurrencies. Part II: Isogeny based cryptography; homomorphic encryption; NIZK and SNARKs; non interactive zero knowledge; and symmetric cryptography. Part III: Practical cryptography; advanced encryption; zero knowledge; quantum algorithms; lattice cryptoanalysis. Part IV: Signatures; commitments; theory; cryptoanalysis; and quantum cryptography.

The four-volume proceedings LNCS 13791, 13792, 13793, and 13794 constitute the proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022, held in Taipei, Taiwan, during December 5-9, 2022. The total of 98 full papers presented in these proceedings was carefully reviewed and selected from 364 submissions. The papers were organized in topical sections as follows: Part I: Award papers; functional and witness encryption; symmetric key cryptanalysis; multiparty computation; real world protocols; and blockchains and cryptocurrencies. Part II: Isogeny based cryptography; homomorphic encryption; NIZK and SNARKs; non interactive zero knowledge; and symmetric cryptography. Part III: Practical cryptography; advanced encryption; zero knowledge; quantum algorithms; lattice cryptoanalysis. Part IV: Signatures; commitments; theory; cryptoanalysis; and quantum cryptography.

Beginning in the fall of 1999, a number of Internet-related businesses and financial institutions in the United States suffered computer intrusions or "hacks" that originated from Russia. The hackers gained control of the victims' computers, copied and stole private data that included credit card information, and threatened to publish or use the stolen credit cards or inflict damage on the compromised computers unless the victims paid money or gave the hackers a job. Some of the companies gave in and paid off the hackers. Some decided not to. The hackers responded by shutting down parts of their networks and using stolen credit card numbers to order thousands of dollars' worth of computer equipment. THE LURE is the true, riveting story of how these Russian hackers, who bragged that the laws in their country offered them no threat, and who mocked the inability of the FBI to catch them, were caught by an FBI lure designed to appeal to their egos and their greed. The story of the sting operation and subsequent trial is told for the first time here by the Department of Justice's attorney for the prosecution. This fascinating story reads like a crime thriller, but also offers a wealth of information that can be used by IT professionals, business managers, lawyers and academics who wish to learn how to protect systems from abuse, and who want to respond appropriately to network incidents. They also provide insight into the hacker's world and explain how their own words and actions were used against them in a court of law - the evidence provided is in the raw, uncensored words of the hackers themselves. This is a multi-layered true crime story, a real-life law and order story that explains how hackers and computer thieves operate, how the FBI takes them down, and how the Department of Justice prosecutes them in the courtroom.

Once the privilege of a secret few, cryptography is now taught at universities around the world. Introduction to Cryptography with Open-Source Software illustrates algorithms and cryptosystems using examples and the open-source computer algebra system of Sage. The author, a noted educator in the field, provides a highly practical learning experience by progressing at a gentle pace, keeping mathematics at a manageable level, and including numerous end-of-chapter exercises.

Focusing on the cryptosystems themselves rather than the means of breaking them, the book first explores when and how the methods of modern cryptography can be used and misused. It then presents number theory and the algorithms and methods that make up the basis of cryptography today. After a brief review of "classical" cryptography, the book introduces information theory and examines the public-key cryptosystems of RSA and Rabin s cryptosystem. Other public-key systems studied include the El Gamal cryptosystem, systems based on knapsack problems, and algorithms for creating digital signature schemes.

The second half of the text moves on to consider bit-oriented secret-key, or symmetric, systems suitable for encrypting large amounts of data. The author describes block ciphers (including the Data Encryption Standard), cryptographic hash functions, finite fields, the Advanced Encryption Standard, cryptosystems based on elliptical curves, random number generation, and stream ciphers. The book concludes with a look at examples and applications of modern cryptographic systems, such as multi-party computation, zero-knowledge proofs, oblivious transfer, and voting protocols.