Cryptography and Network Security

I am reading this book "Cryptography and Network Security" (Seems Amazon does not have this book, please tell me if you find it in Amazon). Seriously, I want to learn network security, and that's why I resume this blog for making notes when I am reading it.
Hope you enjoy and rise questions or comments if you have any.

Chapter 1: Introduction
In chapter 1, it describes some basic principles of security, and attacks related to each principle. There are mainly five principles of security, they are confidentiality, authentication, integrity, availability and non-repudiation.

The principle of confidentiality specifies that only the sender and the intended recipents should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to get the message. The simple example is, if user A want to send a message to user B, another user C capture the message without permission or knowledge of A and B. This type of attack is called interception.

Authentication mechanisms help establish proof of identities. The authentication ensures that the sender of a message is correctly identified. If user C sends a message to B. However, C has posed as user A when he sent this message to B. User B would not know that the message is come from C, but not A. This kind of attack is called fabrication.

When the contents of a message is changed after the sender sends it, but before it reaches the receiver, then the integrity of this message is lost. For example, user A transfers HKD $100 dollars to user B through the online Banking System. Unfortunately, user C capture the message and edit the content as "Transfer HKD $1000", both user A and B has no way of knowing that the contents were changed during the message was transferring. This attack is called modification.

Non-repudiation does not allow the sender of a message to refute the claim of not sending that message.

The principle of availability states that resources should be available to authorized parties at all times. Due to the intentional actions of an unauthorized user C, an authorized user A may not be able to contact a server B, this is an attack called interruption.

Theoretically, attacks can be divided into two categories, passive attack and active attack. passive attack is not easy to detect because attacker does not attempt to perform any modification to the data. Obviously, active attack is the opposite of passive attack, it is based on modification of the original message, and this kind of attack is easy to detect but difficult to prevent. The following two are examples of each attack.

IP Sniffing is a passive attack on an ongoing conversation. An attacker can simply observe packets they pass by. There are two ways to prevent attackers from sniffing packets. The first is encode the data before sending it, second is the transmission link itself can be encoded.

In IP Spoofing, an attacker sends packets with an incorrect source address. When this happens, the receiver has no way to know that the sender is fake, and he send replies back to the forged address, and not to the attacker. However the attacker can intercept the reply to get information he needs for hijacking attacks, or just want to cause the Denial of Service by these messages.