Nowadays, the study of information security involves being aware of a broad range of domains, including mathematics, computer science, telecommunications, and social sciences. Information security focuses on how the information processed in computers and communicated over networks is protected. The problems and solutions related to information security can be separated into a wide range of topics. All of these topics can be presented from two perspectives: the communication perspective and the shared computer perspective. This book presents these two perspectives in a structured way. The communication perspective takes into account confidentiality, authenticity, and availability; the shared computer perspective considers access control, information classification, and information flow. The book is a collection of information security topics, including cryptography, hardware security, software security, communications and network security, risk and vulnerability analysis, and security technology management.
The book is organized into 14 chapters; excluding the first introductory chapter, all of the others present a specific topic related to information security. Chapter 2 starts with a presentation of security electronics in relation to cryptographic algorithms. It provides a small demonstration of how the computationally complex RSA encryption and decryption operations can be implemented efficiently. The chapter ends with a summary and further reading and Web site recommendations. The public-key cryptography chapter (3) explains the mathematical reasoning behind the concepts and presents the number-theoretic design of the RSA algorithm. The book also presents hash functions (chapter 4), cryptographic protocols (chapter 6), and public-key infrastructures (chapter 7).
Wireless network access and mobile security are covered in two separate chapters (8 and 9). The latest trends show that modern communications are becoming mobile and that the transmission medium is electromagnetic radio waves.
The last chapters (10 through 14) cover topics that relate to the management of information security: software security, information and communications technology (ICT) security evaluation, ICT and forensic science, risk assessment, and the human factor.
An interesting part of the book is chapter 5, “Quantum Cryptography.” This chapter clearly presents quantum cryptography, without getting deep into the details of the physics domain. It describes the basic element of quantum cryptography, the qubit, and some of the protocols developed in this area, such as the BB84 protocol.
The book covers some important topics in the information security domain. Many theoretical aspects of information security are presented, as well as many practical approaches for the elements that constitute the multidisciplinary domain. The information covered is of current interest, and the book tries to present, in a structured way, the multitude of emerging information and communications technologies. The book does not cover all of the topics in great detail. It assumes that readers have a good knowledge of cryptography and its mathematical tools, networking and the technologies involved, and the information security international standards (even if there are some short explanations of these in the book).
The main audience for this book includes students and people involved in designing, evaluating, and protecting sensitive information in information systems. Anyone who wants a broad view of the information security domain should find useful information. Researchers and graduate students involved in the study of information security solutions, protocols, and algorithms should also read it.
It is very hard to present all of the things involved in an information security system, especially if we take into account the fact that all of the existing technologies converge to address the challenges of information security, privacy, and resilience. After reading parts of the book, the reader will understand why the information security domain is so complex, and, on the other hand, he or she will definitely have a broad view of the topics related to it. Books such as these are vital; they ensure that specialists who want to comply with the ever-demanding needs of the information security domain are prepared to do so.