网络与信息安全（第四版）

本书共15章，系统地阐述了网络与信息安全的各个方面，内容包括：网络与信息安全的基本概念和术语；计算机密码学（包括对称密钥密码、公钥密码、单向散列函数、混沌密码和量子密码等）；区块链技术及其应用；信息隐藏技术；身份认证与公钥基础设施PKI、访问控制与系统审计；数据库系统安全；互联网安全；无线网络安全；防火墙技术；入侵检测与入侵防御；网络信息安全管理等。为了便于教学，每章后面都有习题，可以作为课程作业或复习要点。

第 1 章 网络信息安全综述 ············ 11.1 网络与信息安全的重要性 ········· 21.2 网络与信息安全的基本概念 ······ 31.3 网络安全威胁 ························ 41.3.1 网络安全威胁的类型 ·········· 51.3.2 网络安全威胁的动机 ·········· 61.4 安全评价标准 ························ 61.4.1 可信计算机系统评估准则 ···· 71.4.2 网络安全体系结构 ············· 81.4.3 网络安全服务目标类型 ······· 81.4.4 特定安全机制 ·················· 101.4.5 普遍性安全机制 ··············· 111.5 网络安全等级保护概述 ·········· 121.5.1 等级保护对象 ·················· 131.5.2 不同级别的安全保护能力 ····· 131.5.3 安全要求分类 ·················· 13*1.6 等级保护安全要求细则 ·········· 141.6.1 安全技术要求 ·················· 141.6.2 安全管理要求 ·················· 171.6.3 安全扩展要求 ·················· 19小 结 ·································· 22习 题 ·································· 23第 2 章 对称密钥密码体系 ·········· 242.1 密码学原理 ························ 252.1.1 密码学的基本原理 ············ 252.1.2 安全密码算法 ·················· 262.1.3 对称密钥密码和非对称密钥密码 ······························ 272.2 数据加密标准（DES） ·········· 272.3 IDEA 算法 ·························· 292.4 高级加密标准（AES） ·········· 302.4.1 AES 的产生背景 ·············· 302.4.2 AES 算法的特点 ·············· 312.4.3 AES（Rijndael）算法 ········ 312.4.4 AES 算法的优点 ·············· 382.4.5 AES 算法应用················· 382.4.6 分组加密算法比较 ············ 382.5 序列密码 ···························· 382.5.1 序列密码原理 ·················· 382.5.2 A5 算法 ························· 39*2.5.3 祖冲之算法（ZUC） ········· 40*2.6 密码分析与攻击 ··················· 412.6.1 密码攻击 ······················· 422.6.2 密码算法安全性 ··············· 422.6.3 攻击方法的复杂性 ············ 42*2.7 密码设计准则 ······················ 432.8 国产密码进展 ······················ 442.8.1 国产密码基本情况 ············ 442.8.2 国产密码算法简介 ············ 44小 结 ··································· 46习 题 ··································· 46第 3 章 单向散列函数 ·················· 473.1 单向散列函数概述················· 473.2 MD5——消息摘要 ················ 483.3 SHA——安全散列算法 ··········· 493.3.1 SHA 家族 ······················· 493.3.2 SHA-1 算法 ···················· 493.3.3 SHA-1 应用举例 ·············· 51*3.3.4 SHA-512 算法 ················· 52*3.4 SM3——中国商用密码散列算法标准 ···························· 533.5 几种哈希函数比较················· 543.6 消息认证码（MAC） ············ 553.6.1 消息认证码的基本概念 ······ 553.6.2 消息的完整性验证 ············ 553.6.3 HMAC 算法 ···················· 563.7 案例应用：信息的完整性验证 ··· 57*3.8 对单向散列函数的攻击 ·········· 573.8.1 字典攻击 ························ 573.8.2 穷举攻击 ························ 58小 结 ·································· 59习 题 ·································· 59第 4 章 公钥密码体系 ················· 604.1 公钥密码概述 ······················ 614.2 RSA 密码系统 ····················· 624.2.1 RSA 算法 ······················· 624.2.2 对 RSA 算法的挑战 ··········· 644.3 Diffie-Hellman 密钥交换 ········ 644.3.1 Diffie-Hellman 算法 ··········· 654.3.2 中间人攻击 ····················· 65*4.3.3 认证的 Diffie-Hellman 密钥交换 ······························ 664.3.4 三方或多方 Diffie-Hellman ···· 664.4 数字签名方案 ······················ 674.4.1 数字签名概述 ·················· 674.4.2 基本的数字签名方案 ········· 684.4.3 案例应用：高效数字签名方案 ······························ 694.4.4 案例应用：保密签名方案 ····· 694.4.5 案例应用：多重签名方案 ····· 704.5 数字签名算法 ······················ 71*4.5.1 DSA——数字签名算法 ······ 714.5.2 RSA 作为数字签名算法 ······ 724.6 基于标识的密码算法 SM9 及应用 ······························· 734.6.1 标识密码 ························ 73*4.6.2 有限域上的椭圆曲线与双线性对及 SM9 ··········· 734.6.3 SM9 应用现状 ················· 744.7 公钥密码与对称密码算法分析与选择 ······························· 764.7.1 公钥密码与对称密码算法分析 ····························· 764.7.2 加密算法的选择 ··············· 76小 结 ··································· 76习 题 ··································· 77第 5 章 区块链技术及其应用 ········ 785.1 区块链发展 ························· 785.1.1 区块链发展历史渊源 ········· 785.1.2 区块链标准化进程 ············ 795.2 区块链结构及工作原理 ··········· 795.2.1 区块链结构····················· 795.2.2 区块链工作原理 ··············· 825.3 区块链特点及分类················· 825.3.1 区块链的特点 ·················· 825.3.2 区块链的分类 ·················· 845.4 区块链核心技术 ··················· 845.4.1 P2P 网络 ························ 845.4.2 加密算法 ······················· 855.4.3 共识机制 ······················· 865.4.4 智能合约 ······················· 87*5.5 区块链核心问题优化方案 ········ 885.5.1 共识算法优化方案DPoS-BFT ······················ 885.5.2 DPoS 投票智能合约 ·········· 905.5.3 DPoS-BFT 激励机制 ·········· 925.6 区块链应用领域及发展方向 ····· 935.7 案例应用：基于区块链的公益互助系统 ···························· 945.8 基于区块链技术的数字货币····· 1005.8.1 货币的发展史 ················ 1005.8.2 数字货币 ····················· 1015.8.3 我国数字货币面临的挑战及应对策略 ··················· 102小 结 ································· 103习 题 ································· 103第 6 章 混沌密码和量子密码 ······ 1046.1 混沌概述 ·························· 1046.1.1 混沌起源 ······················ 1056.1.2 混沌的定义 ··················· 1056.1.3 混沌的三个主要特征 ······· 1066.1.4 混沌模型 ······················ 1076.2 混沌系统应用 ····················· 1096.2.1 案例应用：基于混沌的文件加密 ······················ 1096.2.2 Lorenz 混沌系统的高效数值量化 ······················ 1116.2.3 混沌序列密码对图像加密 ··· 1116.2.4 混沌同步构造非对称数字水印 ···························· 112*6.3 量子加密密码体系 ··············· 1126.3.1 量子密码的提出 ············· 1126.3.2 量子物理学基础 ············· 1136.3.3 量子密码学 ··················· 1136.3.4 量子密码的安全性分析 ···· 115*6.4 量子密码的研究与应用 ········· 1156.4.1 量子密码的研究前沿 ······· 1166.4.2 量子密码的应用领域 ······· 117小 结 ································· 117习 题 ································· 118第 7 章 信息隐藏技术 ················ 1197.1 信息隐藏技术概述 ··············· 1197.1.1 信息隐藏产生的背景 ······· 1197.1.2 信息隐藏的基本原理 ······· 1207.1.3 信息隐藏系统的特征 ······· 1217.1.4 信息隐藏技术的主要分支与应用 ························· 1227.2 数字水印概述 ····················· 1237.2.1 数字水印系统的基本框架 ·· 1237.2.2 数字水印的主要特征 ······· 1247.2.3 数字水印的分类 ············· 1247.2.4 数字水印的原理 ············· 1257.2.5 数字图像水印的典型算法 ··· 1277.2.6 数字水印的攻击类型及对策 ························ 1287.2.7 数字水印的评价标准 ······· 1317.2.8 信息隐藏的主要应用领域 ···························· 132*7.3 案例应用：基于混沌的小波域数字水印 ·························· 1327.4 数字水印研究状况与展望 ······ 140小 结 ································· 141习 题 ································· 142第 8 章 身份认证与 PKI 技术 ······ 1438.1 身份认证 ·························· 1438.1.1 根据用户知道什么进行认证 ··························· 1448.1.2 根据用户拥有什么进行认证 ··························· 1458.1.3 根据用户是什么进行认证 ··························· 1458.2 PKI 概述 ··························· 1468.2.1 公钥密码系统的问题 ······· 1468.2.2 PKI 的概念、目的、实体构成和服务 ··················· 1478.3 数字证书 ·························· 1488.3.1 ASN.1 概述 ··················· 1488.3.2 X.509 证书 ··················· 1508.3.3 在线证书状态协议 ·········· 1528.3.4 密码操作开发工具 ·········· 1538.4 证书权威（CA） ················ 1558.4.1 CA 的功能和组成 ··········· 1558.4.2 CA 对用户证书的管理 ····· 1578.4.3 密码硬件简介 ················ 1598.4.4 商用 CA 产品 ················ 1618.5 信任模型 ·························· 1618.5.1 证书验证方法 ················ 1628.5.2 信任模型 ······················ 1638.6 案例应用 ·························· 1658.6.1 软件防篡改 ··················· 1658.6.2 网上银行 ······················ 166小 结 ································· 169习 题 ································· 169第 9 章 访问控制与系统审计 ······ 1719.1 访问控制基本概念 ··············· 1729.2 系统安全模型 ····················· 1739.3 安全策略 ·························· 1749.3.1 基于身份的安全策略 ······· 1759.3.2 基于规则的安全策略 ······· 1759.4 访问控制实现方法 ··············· 1759.4.1 目录表 ························· 1769.4.2 访问控制列表 ················ 1769.4.3 访问控制矩阵 ················ 1779.4.4 访问控制安全标签列表 ···· 1789.4.5 权限位 ························· 1789.5 访问控制模型 ····················· 1799.5.1 访问控制模型类型 ·········· 1799.5.2 自主访问控制 ················ 1809.5.3 强制访问控制 ················ 1819.5.4 基于角色的访问控制 ······· 1829.5.5 基于任务的访问控制 ······· 1859.5.6 基于角色和任务的访问控制 ··························· 1899.5.7 使用控制 ······················ 1909.5.8 访问控制小结 ················ 1959.6 案例应用：RBAC 在企业Web 系统中的应用 ·············· 1959.7 系统审计 ·························· 1999.7.1 审计及审计跟踪 ············· 2009.7.2 安全审计 ······················ 2009.8 案例应用：Web 信息系统的 审计信息 ·························· 201*9.9 授权管理基础设施（PMI） ····· 2039.9.1 PMI 概述 ····················· 2039.9.2 PMI 技术的授权管理模式及其优点 ····················· 203小 结 ································· 204习 题 ································· 205第 10 章 数据库系统安全 ··········· 20610.1 数据库安全概述 ················ 20610.1.1 数据库安全技术 ··········· 20710.1.2 多级数据库 ················· 20810.2 数据库加密 ······················ 20910.2.1 数据库加密的基本要求 ···· 20910.2.2 数据库加密的方式 ········ 21010.2.3 数据库加密的方法及加密粒度 ··························· 21110.2.4 数据库加密系统的密钥管理 ·························· 21210.3 统计数据库安全 ················ 21310.3.1 统计数据库的安全问题 ···· 21310.3.2 对统计数据库的攻击方式 ·························· 21410.3.3 统计数据库的安全措施 ··· 21510.4 网络数据库安全 ················ 21610.4.1 网络数据库概述 ··········· 21610.4.2 网络数据库安全简介 ····· 21710.5 大数据安全 ······················ 21910.5.1 大数据的安全问题 ········ 21910.5.2 大数据安全技术 ··········· 22110.6 案例应用：SQL Server 安全 设置 ······························ 22210.6.1 SQL Server 网络安全设置 ·························· 22210.6.2 SQL Server 其他安全设置 ·························· 224小 结 ································· 226习 题 ································· 226第 11 章 互联网安全 ················· 22811.1 TCPIP 协议族的安全问题 ····· 22811.1.1 TCPIP 协议族模型 ········ 22911.1.2 IP 协议的安全问题 ········ 23011.1.3 TCP 协议的安全问题······ 23211.1.4 UDP 协议的安全问题 ····· 23511.2 黑客攻击概述 ··················· 23511.2.1 黑客攻击基本流程 ········· 23511.2.2 黑客攻击基本技术 ········· 23711.3 计算机病毒简介 ················ 24011.3.1 计算机病毒概述 ············ 24011.3.2 计算机病毒防范 ············ 24111.3.3 杀毒软件简介 ·············· 24111.4 虚拟专用网 ······················ 24211.4.1 VPN 概述 ···················· 24311.4.2 VPN 协议 ···················· 24411.5 IPSec ····························· 24411.5.1 IP 安全性分析 ·············· 24411.5.2 安全关联 ···················· 24511.5.3 IPSec 模式 ··················· 24611.5.4 认证报头 ···················· 24711.5.5 封装安全有效载荷 ········· 24811.6 安全套接字层（SSL） ········ 25111.6.1 SSL 概述 ···················· 25111.6.2 SSL 工作原理 ··············· 25211.6.3 SSL VPN ····················· 25611.7 案例应用 ························· 25711.7.1 IE 浏览器中的 SSL ········ 25711.7.2 华为 VPN 客户端 ·········· 259小 结 ································· 260习 题 ································· 261第 12 章 无线网络安全 ·············· 26212.1 无线网络的安全威胁 ·········· 26212.2 无线局域网安全 ················ 26412.2.1 无线局域网概述 ··········· 26412.2.2 IEEE 802.11i 概述 ········· 26512.2.3 WPA 与 WPA2 ·············· 26712.2.4 WPA3 ························ 27012.3 移动通信安全 ··················· 27112.3.1 2G 的安全机制 ············· 27112.3.2 3G 的安全机制 ············· 27312.3.3 4G 的安全机制 ············· 27412.3.4 5G 的安全机制 ············· 27512.4 案例应用：无线局域网安全设置 ······························ 276小 结 ································· 279习 题 ································· 279第 13 章 防火墙技术 ················· 28013.1 防火墙的基本概念 ············· 28013.2 防火墙的类型 ··················· 28113.2.1 包过滤防火墙 ·············· 28113.2.2 应用代理防火墙 ··········· 28213.2.3 电路级网关防火墙 ········ 28313.2.4 状态检测防火墙 ··········· 28313.3 防火墙在网络上的设置 ······· 28513.3.1 单防火墙结构 ·············· 28513.3.2 双防火墙结构 ·············· 28713.4 防火墙基本技术 ················ 28713.4.1 包过滤技术 ················· 28713.4.2 应用代理技术 ·············· 29213.5 新一代人工智能防火墙 ······· 29613.6 案例应用：瑞星个人防火墙软件 ······························ 297小 结 ································· 301习 题 ································· 301第 14 章 入侵检测与入侵防御 ···· 30314.1 入侵检测系统概述 ············· 30314.2 入侵检测系统结构 ············· 30514.2.1 入侵检测系统的 CIDF 模型 ·························· 30514.2.2 Denning 的通用入侵检测系统模型 ····················· 30614.3 入侵检测系统类型 ············· 30714.3.1 按数据来源分类 ··········· 30714.3.2 按分析技术分类 ··········· 30914.3.3 其他分类 ···················· 31114.4 入侵防御系统 ··················· 31114.5 案例应用：入侵检测软件 Snort ······················· 313小 结 ································· 314习 题 ································· 314第 15 章 网络信息安全管理 ········ 31515.1 信息安全管理概述 ············· 31515.1.1 信息安全管理的重要性 ···· 31615.1.2 信息安全管理策略········· 31615.2 信息安全管理标准 ············· 31815.2.1 BS7799 标准 ················ 31815.2.2 安全成熟度模型 ··········· 31915.3 我国关于网络安全的法律法规 ······························ 32015.3.1 相关法律法规 ·············· 32015.3.2 《中华人民共和国电子签名法》 ···················· 32115.3.3 《中华人民共和国网络安全法》 ···················· 32215.3.4 《中华人民共和国密码法》 ···················· 323小 结 ································· 324习 题 ································· 324参考文献 ··································· 325