Cryptography and Network Security Principles and PracticeSeve.docx

Cryptography and Network Security: Principles and Practice
Seventh Edition
Chapter 11
Cryptographic Hash Functions
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
If this PowerPoint presentation contains mathematical
equations, you may need to check that your computer has the
following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
Lecture slides prepared for “Cryptography and Network
Security”, 7/e, by William Stallings, Chapter 11 –
“Cryptographic Hash Functions”.
This chapter begins with a discussion of the wide variety of
applications for
cryptographic hash functions. Next, we look at the security
requirements for such
functions. Then we look at the use of cipher block chaining to
implement a cryptographic
hash function. The remainder of the chapter is devoted to the
most important
and widely used family of cryptographic hash functions, the
Secure Hash Algorithm
(SHA) family.
Hash Functions
A hash function H accepts a variable-length block of data M as
input and produces a fixed-size hash value

Principal object is data integrity
Cryptographic hash function
An algorithm for which it is computationally infeasible to find
either:
(a) a data object that maps to a pre-specified hash result (the
one-way property)
(b) two data objects that map to the same hash result (the
collision-free property)
A hash function H accepts a variable-length block of data M as
input and produces
a fixed-size hash value h = H(M ). A “good” hash function has
the property that the
results of applying the function to a large set of inputs will
produce outputs that are
evenly distributed and apparently random. In general terms, the
principal object of a
hash function is data integrity. A change to any bit or bits in M
results, with high probability,
in a change to the hash code.
The kind of hash function needed for security applications is
referred to as a
cryptographic hash function . A cryptographic hash function is
an algorithm for which
it is computationally infeasible (because no attack is
significantly more efficient than
brute force) to find either (a) a data object that maps to a pre-
specified hash result
(the one-way property) or (b) two data objects that map to the
same hash result (the
collision-free property). Because of these characteristics, hash
functions are often used

to determine whether or not data has changed.
2
Figure 11.1 Cryptographic Hash Function h = uppercase h left
parenthesis m right parenthesis
Figure 11.1 depicts the general operation of a cryptographic
hash function.
Typically, the input is padded out to an integer multiple of some
fixed length
(e.g., 1024 bits), and the padding includes the value of the
length of the original message
in bits. The length field is a security measure to increase the
difficulty for an
attacker to produce an alternative message with the same hash
value.
3
Figure 11.2 Attack Against Hash Function
4
Message authentication is a mechanism or service used to verify
the integrity of
a message. Message authentication assures that data received
are exactly as sent
(i.e., contain no modification, insertion, deletion, or replay). In
many cases, there is
a requirement that the authentication mechanism assures that
purported identity of

the sender is valid. When a hash function is used to provide
message authentication,
the hash function value is often referred to as a message digest .
The essence of the use of a hash function for message
authentication is as
follows. The sender computes a hash value as a function of the
bits in the message
and transmits both the hash value and the message. The receiver
performs the same
hash calculation on the message bits and compares this value
with the incoming
hash value. If there is a mismatch, the receiver knows that the
message (or possibly
the hash value) has been altered (Figure 11.2a).
The hash function must be transmitted in a secure fashion. That
is, the hash
function must be protected so that if an adversary alters or
replaces the message,
it is not feasible for adversary to also alter the hash value to
fool the receiver. This
type of attack is shown in Figure 11.2b. In this example, Alice
transmits a data block
and attaches a hash value. Darth intercepts the message, alters
or replaces the data
block, and calculates and attaches a new hash value. Bob
receives the altered data
with the new hash value and does not detect the change. To
prevent this attack, the
hash value generated by Alice must be protected.
Figure 11.3 Simplified Examples of the Use of a Hash Function
for Message Authentication

5
Figure 11.3 illustrates a variety of ways in which a hash code
can be used to
provide message authentication, as follows:
a. The message plus concatenated hash code is encrypted using
symmetric
encryption. Because only A and B share the secret key, the
message must
have come from A and has not been altered. The hash code
provides the structure
or redundancy required to achieve authentication. Because
encryption is
applied to the entire message plus hash code, confidentiality is
also provided.
b. Only the hash code is encrypted, using symmetric encryption.
This reduces the
processing burden for those applications that do not require
confidentiality.
c. It is possible to use a hash function but no encryption for
message authentication.
The technique assumes that the two communicating parties
share a common secret
value S. A computes the hash value over the concatenation of M
and S and
appends the resulting hash value to M. Because B possesses S,
it can recompute
the hash value to verify. Because the secret value itself is not
sent, an opponent
cannot modify an intercepted message and cannot generate a
false message.

d. Confidentiality can be added to the approach of method (c)
by encrypting the
entire message plus the hash code.
When confidentiality is not required, method (b) has an
advantage over
methods (a) and (d), which encrypts the entire message, in that
less computation
is required. Nevertheless, there has been growing interest in
techniques that
avoid encryption (Figure 11.3c). Several reasons for this
interest are pointed out in
[TSUD92].
• Encryption software is relatively slow. Even though the
amount of data to be
encrypted per message is small, there may be a steady stream of
messages into
and out of a system.
• Encryption hardware costs are not negligible. Low-cost chip
implementations
of DES are available, but the cost adds up if all nodes in a
network must have
this capability.
• Encryption hardware is optimized toward large data sizes. For
small blocks
of data, a high proportion of the time is spent in
initialization/invocation
overhead.
• Encryption algorithms may be covered by patents, and there
is a cost associated
with licensing their use.

Message Authentication Code (M A C)
Also known as a keyed hash function
Typically used between two parties that share a secret key to
authenticate information exchanged between those parties
Takes as input a secret key and a data block and produces a
hash value (M A C) which is associated with the protected
message
If the integrity of the message needs to be checked, the M A C
function can be applied to the message and the result compared
with the associated M A C value
An attacker who alters the message will be unable to alter the
associated M A C value without knowledge of the secret key
More commonly, message authentication is achieved using a
message authentication
code (MAC ), also known as a keyed hash function . Typically,
MACs are
used between two parties that share a secret key to authenticate
information exchanged
between those parties. A MAC function takes as input a secret
key and a
data block and produces a hash value, referred to as the MAC,
which is associated
with the protected message. If the integrity of the message
needs to be checked, the
MAC function can be applied to the message and the result
compared with the associated
MAC value. An attacker who alters the message will be unable
to alter the
associated MAC value without knowledge of the secret key.
Note that the verifying
party also knows who the sending party is because no one else
knows the secret key.

Note that the combination of hashing and encryption results in
an overall
function that is, in fact, a MAC (Figure 11.3b). That is, E(K ,
H(M )) is a function of
a variable-length message M and a secret key K , and it
produces a fixed-size output
that is secure against an opponent who does not know the
secret key. In practice,
specific MAC algorithms are designed that are generally more
efficient than an encryption
algorithm.
6
Digital Signature
Operation is similar to that of the M A C
The hash value of a message is encrypted with a user’s private
key
Anyone who knows the user’s public key can verify the
integrity of the message
An attacker who wishes to alter the message would need to
know the user’s private key
Implications of digital signatures go beyond just message
authentication
Another important application, which is similar to the message
authentication
Application, is the digital signature . The operation of the
digital signature is similar
to that of the MAC. In the case of the digital signature, the hash
value of a message
is encrypted with a user’s private key. Anyone who knows the
user’s public key
can verify the integrity of the message that is associated with
the digital signature.

In this case, an attacker who wishes to alter the message would
need to know the
user’s private key. As we shall see in Chapter 14, the
implications of digital signatures
go beyond just message authentication.
7
Figure 11.4 Simplified Examples of Digital Signatures
Figure 11.4 illustrates, in a simplified fashion, how a hash code
is used to provide
a digital signature.
a. The hash code is encrypted, using public-key encryption
with the sender’s private
key. As with Figure 11.3b, this provides authentication. It also
provides a
digital signature, because only the sender could have produced
the encrypted
hash code. In fact, this is the essence of the digital signature
technique.
b. If confidentiality as well as a digital signature is desired,
then the message
plus the private-key-encrypted hash code can be encrypted using
a symmetric
secret key. This is a common technique.
8
Other Hash Function Uses (1 of 2)
Commonly used to create a one-way password file
When a user enters a password, the hash of that password is
compared to the stored hash value for verification
This approach to password protection is used by most operating

systems
Can be used for intrusion and virus detection
Store
for each file on a system and secure the hash values
Hash functions are commonly used to create a one-way
password file . Chapter 21
explains a scheme in which a hash of a password is stored by an
operating system
rather than the password itself. Thus, the actual password is not
retrievable by
a hacker who gains access to the password file. In simple terms,
when a user enters
a password, the hash of that password is compared to the stored
hash value
for verification. This approach to password protection is used
by most operating
systems.
Hash functions can be used for intrusion detection and virus
detection . Store
H(F) for each file on a system and secure the hash values (e.g.,
on a CD-R that is
kept secure). One can later determine if a file has been modified
by recomputing
H(F). An intruder would need to change F without changing
H(F).
A cryptographic hash function can be used to construct a
pseudorandom
function (PRF) or a pseudorandom number generator (PRNG) .
A common application

for a hash-based PRF is for the generation of symmetric keys.
We discuss this
application in Chapter 12.
9
Other Hash Function Uses (2 of 2)
One can later determine if a file has been modified by re
recomputing
An intruder would need to change F without changing
Can be used to construct a pseudorandom function (P R F) or a
pseudorandom number generator (P R N G)
A common application for a hash-based P R F is for the
generation of symmetric keys
Hash functions are commonly used to create a one-way
password file . Chapter 21
explains a scheme in which a hash of a password is stored by an
operating system
rather than the password itself. Thus, the actual password is not
retrievable by
a hacker who gains access to the password file. In simple terms,
when a user enters
a password, the hash of that password is compared to the stored
hash value
for verification. This approach to password protection is used
by most operating
systems.
Hash functions can be used for intrusion detection and virus
detection . Store

H(F) for each file on a system and secure the hash values (e.g.,
on a CD-R that is
kept secure). One can later determine if a file has been modified
by recomputing
H(F). An intruder would need to change F without changing
H(F).
A cryptographic hash function can be used to construct a
pseudorandom
function (PRF) or a pseudorandom number generator (PRNG) .
A common application
for a hash-based PRF is for the generation of symmetric keys.
We discuss this
application in Chapter 12.
10
Two Simple Hash Functions (1 of 2)
Consider two simple insecure hash functions that operate using
the following general principles:
The input is viewed as a sequence of n-bit blocks
The input is processed one block at a time in an iterative
fashion to produce an n-bit hash function
Bit-by-bit exclusive-OR (XOR) of every block
Produces a simple parity for each bit position and is known as a
longitudinal redundancy check
To get some feel for the security considerations involved in
cryptographic hash functions, we present two simple, insecure
hash functions in this section. One of the simplest hash
functions is the bit-by-bit exclusive-OR (XOR) of every block,
which can be expressed as shown. This operation produces a

simple parity for each bit position and is known as a
longitudinal redundancy check. It is reasonably effective for
random data as a data integrity check. Each n-bit hash value is
equally likely. Thus, the probability that a data error will result
in an unchanged hash value is 2–n. With more predictably
formatted data, the function is less effective. For example, in
most normal text files, the high-order bit of each octet is always
zero. So if a 128-bit hash value is used, instead of an
effectiveness of 2–128, the hash function on this type of data
has an effectiveness of 2–112.
A simple way to improve matters is to perform a one-bit
circular shift, or rotation, on the hash value after each block is
processed. Although this second procedure provides a good
measure of data integrity, it is virtually useless for data security
when an encrypted hash code is used with a plaintext message.
Given a message, it is an easy matter to produce a new message
that yields that hash code: Simply prepare the desired alternate
message and then append an n-bit block that forces the new
message plus block to yield the desired hash code.
11
Two Simple Hash Functions (2 of 2)
Reasonably effective for random data as a data integrity check
Perform a one-bit circular shift on the hash value after each
block is processed
Has the effect of randomizing the input more completely and
overcoming any regularities that appear in the input
To get some feel for the security considerations involved in
cryptographic hash functions, we present two simple, insecure
hash functions in this section. One of the simplest hash
functions is the bit-by-bit exclusive-OR (XOR) of every block,
which can be expressed as shown. This operation produces a

simple parity for each bit position and is known as a
longitudinal redundancy check. It is reasonably effective for
random data as a data integrity check. Each n-bit hash value is
equally likely. Thus, the probability that a data error will result
in an unchanged hash value is 2–n. With more predictably
formatted data, the function is less effective. For example, in
most normal text files, the high-order bit of each octet is always
zero. So if a 128-bit hash value is used, instead of an
effectiveness of 2–128, the hash function on this type of data
has an effectiveness of 2–112.
A simple way to improve matters is to perform a one-bit
circular shift, or rotation, on the hash value after each block is
processed. Although this second procedure provides a good
measure of data integrity, it is virtually useless for data security
when an encrypted hash code is used with a plaintext message.
Given a message, it is an easy matter to produce a new message
that yields that hash code: Simply prepare the desired alternate
message and then append an n-bit block that forces the new
message plus block to yield the desired hash code.
12
Figure 11.5 Two Simple Hash Functions
Figure 11.5 illustrates these two types of hash functions for 16-
bit hash values.
Although the second procedure provides a good measure of data
integrity,
it is virtually useless for data security when an encrypted hash
code is used with a
plaintext message, as in Figures 11.3b and 11.4a. Given a
message, it is an easy matter

to produce a new message that yields that hash code: Simply
prepare the desired
alternate message and then append an n -bit block that forces
the new message plus
block to yield the desired hash code.
Although a simple XOR or rotated XOR (RXOR) is insufficient
if only the
hash code is encrypted, you may still feel that such a simple
function could be useful
when the message together with the hash code is encrypted
(Figure 11.3a). But
you must be careful.
13
Requirements and SecurityPreimage Collision x is the preimage
of h for a hash valueOccurs if we haveIs a data block whose
hash function, using the function H, is hBecause we are using
hash functions for data integrity, collisions are clearly
undesirableBecause H is a many-to-one mapping, for any given
hash value h, there will in general be multiple preimages
Before proceeding, we need to define two terms. For a hash
value h = H(x ), we say
that x is the preimage of h . That is, x is a data block whose
hash function, using the
function H, is h . Because H is a many-to-one mapping, for any
given hash value h ,
there will in general be multiple preimages. A collision occurs

if we have x ≠ y and
H(x ) = H(y ). Because we are using hash functions for data
integrity, collisions are
clearly undesirable.
14
Table 11.1 Requirements for a Cryptographic Hash Function
HRequirementDescriptionVariable input sizeH can be applied to
a block of data of any size. Fixed output SizeH produces a
fixed-length output. Efficiency is relatively easy to
compute for any given x. making both hardware and software
implementations practical. Preimage resistant (one-way
property)For any given hash value h. it is computationally
infeasible to find y such that
Second preimage resistant (weak collision resistant) For any
given block x, it is computationally infeasible to findCollision
resistant (strong collision resistant) It is computationally
infeasible to find any pairPseudo randomnessOutput of H meets
standard tests for
Pseudo randomness
15
Table 11.1 lists the generally accepted requirements for a
cryptographic hash function.
The first three properties are requirements for the practical

application of a
hash function.
The fourth property, preimage resistant , is the one-way
property: it is easy
to generate a code given a message, but virtually impossible to
generate a message
given a code. This property is important if the authentication
technique involves the
use of a secret value (Figure 11.3c). The secret value itself is
not sent.
The fifth property, second preimage resistant , guarantees that
it is impossible
to find an alternative message with the same hash value as a
given message. This
prevents forgery when an encrypted hash code is used (Figures
11.3b and 11.4a). If
this property were not true, an attacker would be capable of the
following sequence:
First, observe or intercept a message plus its encrypted hash
code; second, generate
an unencrypted hash code from the message; third, generate an
alternate message
with the same hash code.
A hash function that satisfies the first five properties in Table
11.1 is referred
to as a weak hash function. If the sixth property, collision
resistant , is also satisfied,
then it is referred to as a strong hash function. A strong hash
function protects
against an attack in which one party generates a message for
another party to sign.
For example, suppose Bob writes an IOU message, sends it to
Alice, and she signs

it. Bob finds two messages with the same hash, one of which
requires Alice to pay a
small amount and one that requires a large payment. Alice signs
the first message,
and Bob is then able to claim that the second message is
authentic
The final requirement in Table 11.1, pseudorandomness , has
not traditionally
been listed as a requirement of cryptographic hash functions but
is more or less implied.
[JOHN05] points out that cryptographic hash functions are
commonly used
for key derivation and pseudorandom number generation, and
that in message integrity
applications, the three resistant properties depend on the output
of the hash
function appearing to be random. Thus, it makes sense to verify
that in fact a given
hash function produces pseudorandom output.
Figure 11.6 Relationship Among Hash Function Properties
Figure 11.6 shows the relationships among the three resistant
properties.
A function that is collision resistant is also second preimage
resistant, but the
reverse is not necessarily true. A function can be collision
resistant but not preimage
resistant and vice versa. A function can be preimage resistant
but not second
preimage resistant and vice versa. See [MENE97] for a
discussion.

16
Table 11.2 Hash Function Resistance Properties Required for
Various Data Integrity ApplicationsBlankPreimage
ResistantSecond Preimage ResistantCollision ResistantHash +
digital SignatureYesYesYes*Intrusion Detection and virus
detectionBlankYes
BlankHash + symmetric encryptionBlankBlankBlankOne-way
password fileYesBlankBlankMACYesYesYes*
* Resistance required if attacker is able to mount a chosen
message attack
Table 11.2 shows the resistant properties required for various
hash function
applications.
17
Attacks on Hash FunctionsBrute-Force AttacksCryptanalysis
Does not depend on the specific algorithm, only depends on bit
lengthAn attack based on weaknesses in a particular
cryptographic algorithmIn the case of a hash function, attack
depends only on the bit length of the hash valueSeek to exploit
some property of the algorithm to perform some attack other
than an exhaustive searchMethod is to pick values at random
and try each one until a collision occursBlank
As with encryption algorithms, there are two categories of
attacks on hash
functions: brute-force attacks and cryptanalysis. A brute-force
attack does not depend
on the specific algorithm but depends only on bit length. In the
case of a hash

function, a brute-force attack depends only on the bit length of
the hash value. A
cryptanalysis, in contrast, is an attack based on weaknesses in a
particular cryptographic
algorithm.
18
Collision Resistant Attacks (1 of 3)
For a collision resistant attack, an adversary wishes to find two
messages or data blocks that yield the same hash function
The effort required is explained by a mathematical result
referred to as the birthday paradox
Yuval proposed the following strategy to exploit the birthday
paradox in a collision resistant attack:
The source (A) is prepared to sign a legitimate message x by
appending the appropriate m-bit hash code and encrypting that
hash code with A’s private key
19
For a collision resistant attack, an adversary wishes
to find two messages or data blocks, x and y , that yield the
same hash function:
H(x) = H(y). This turns out to require considerably less effort
than a preimage or
second preimage attack. The effort required is explained by a
mathematical result
referred to as the birthday paradox. In essence, if we choose
random variables from
a uniform distribution in the range 0 through N - 1, then the
probability that a
repeated element is encountered exceeds 0.5 after √N choices
have been made.
Thus, for an m-bit hash value, if we pick data blocks at random,

we can expect to
find two data blocks with the same hash value within √2m =
2m/2 attempts. The
mathematical derivation of this result is found in Appendix U.
paradox in a
Collision resistant attack [YUVA79].
The source, A, is prepared to sign a legitimate message x by
hash code with A’s private key (Figure 11.4a).
2. The opponent generates 2m/2 variations x’ of x, all of which
convey essentially
the same meaning, and stores the messages and their hash
values.
3. The opponent prepares a fraudulent message y for which A’s
signature is
desired.
4. The opponent generates minor variations y’ of y, all of
which convey essentially
the same meaning. For each y’, the opponent computes H(y’),
checks
for matches with any of the H(x’) values, and continues until a
match is found.
That is, the process continues until a y’ is generated with a hash
value equal to
the hash value of one of the x’ values.
5. The opponent offers the valid variation to A for signature.
This signature can
then be attached to the fraudulent variation for transmission to
the intended

recipient. Because the two variations have the same hash code,
they will produce
the same signature; the opponent is assured of success even
though the
encryption key is not known.
Thus, if a 64-bit hash code is used, the level of effort required
is only on the
order of 232 [see Appendix U, Equation (U.7)].
The generation of many variations that convey the same
meaning is not difficult.
For example, the opponent could insert a number of “space-
space-backspace”
character pairs between words throughout the document.
Variations could then
be generated by substituting “space-backspace-space” in
selected instances.
Alternatively, the opponent could simply reword the message
but retain the
Meaning. Figure 11.7 provides an example.
To summarize, for a hash code of length m, the level of effort
required, as we
have seen, is proportional to the following.
Preimage resistant 2m
Second preimage resistant2m
Collision resistant 2m/2
Collision Resistant Attacks (2 of 3)
Opponent generates
all with

essentially the same meaning, and stores the messages and their
hash values
Opponent prepares a fraudulent message y for which A’s
signature is desired
Opponent generates minor variations
which convey essentially the same meaning. For
the opponent computes
matches with any of the
values, and continues
until a match is found. That is, the process continues
is generated with a hash value equal to the
hash value of one of the
20
For a collision resistant attack, an adversary wishes
to find two messages or data blocks, x and y , that yield the
same hash function:
H(x) = H(y). This turns out to require considerably less effort
than a preimage or
second preimage attack. The effort required is explained by a
mathematical result
referred to as the birthday paradox. In essence, if we choose

random variables from
a uniform distribution in the range 0 through N - 1, then the
probability that a
repeated element is encountered exceeds 0.5 after √N choices
have been made.
Thus, for an m-bit hash value, if we pick data blocks at random,
we can expect to
find two data blocks with the same hash value within √2m =
2m/2 attempts. The
mathematical derivation of this result is found in Appendix U.
paradox in a
Collision resistant attack [YUVA79].
The source, A, is prepared to sign a legitimate message x by
hash code with A’s private key (Figure 11.4a).
2. The opponent generates 2m/2 variations x’ …
List of Cases by Chapter
Chapter 1
Development Projects in Lagos, Nigeria 2
“Throwing Good Money after Bad”: the BBC’s
Digital Media Initiative 10
MegaTech, Inc. 29
The IT Department at Hamelin Hospital 30
Disney’s Expedition Everest 31
Rescue of Chilean Miners 32

Chapter 2
Tesla’s $5 Billion Gamble 37
Electronic Arts and the Power of Strong Culture
in Design Teams 64
Rolls-Royce Corporation 67
Classic Case: Paradise Lost—The Xerox Alto 68
Project Task Estimation and the Culture of “Gotcha!” 69
Widgets ’R Us 70
Chapter 3
Project Selection Procedures: A Cross-Industry
Sampler 77
Project Selection and Screening at GE: The Tollgate
Process 97
Keflavik Paper Company 111
Project Selection at Nova Western, Inc. 112
Chapter 4
Leading by Example for the London Olympics—
Sir John Armitt 116
Dr. Elattuvalapil Sreedharan, India’s Project
Management Guru 126
The Challenge of Managing Internationally 133
In Search of Effective Project Managers 137
Finding the Emotional Intelligence to Be a Real Leader 137
Problems with John 138
Chapter 5
“We look like fools.”—Oregon’s Failed Rollout

of Its ObamacareWeb Site 145
Statements of Work: Then and Now 151
Defining a Project Work Package 163
Boeing’s Virtual Fence 172
California’s High-Speed Rail Project 173
Project Management at Dotcom.com 175
The Expeditionary Fighting Vehicle 176
Chapter 6
Engineers Without Borders: Project Teams Impacting
Lives 187
Tele-Immersion Technology Eases the Use of Virtual
Teams 203
Columbus Instruments 215
The Bean Counter and the Cowboy 216
Johnson & Rogers Software Engineering, Inc. 217
Chapter 7
The Building that Melted Cars 224
Bank of America Completely Misjudges Its Customers 230
Collapse of Shanghai Apartment Building 239
Classic Case: de Havilland’s Falling Comet 245
The Spanish Navy Pays Nearly $3 Billion for a Submarine
That Will Sink Like a Stone 248
Classic Case: Tacoma Narrows Suspension Bridge 249
Chapter 8
Sochi Olympics—What’s the Cost of National
Prestige? 257
The Hidden Costs of Infrastructure Projects—The Case
of Building Dams 286

Boston’s Central Artery/Tunnel Project 288
Chapter 9
After 20 Years and More Than $50 Billion, Oil is No Closer
to the Surface: The Caspian Kashagan Project 297
Chapter 10
Enlarging the Panama Canal 331
Project Scheduling at Blanque Cheque Construction (A) 360
Project Scheduling at Blanque Cheque Construction (B) 360
Chapter 11
Developing Projects Through Kickstarter—Do Delivery
Dates Mean Anything? 367
Eli Lilly Pharmaceuticals and Its Commitment to Critical
Chain Project Management 385
It’s an Agile World 396
Ramstein Products, Inc. 397
Chapter 12
Hong Kong Connects to the World’s Longest Natural
Gas Pipeline 401
The Problems of Multitasking 427
Chapter 13
New York City’s CityTime Project 432
Earned Value at Northrop Grumman 451
The IT Department at Kimble College 463
The Superconducting Supercollider 464
Boeing’s 787 Dreamliner: Failure to Launch 465
Chapter 14

Duke Energy and Its Cancelled Levy County Nuclear
Power Plant 478
Aftermath of a “Feeding Frenzy”: Dubai and Cancelled
Construction Projects 490
New Jersey Kills Hudson River Tunnel Project 497
The Project That Wouldn’t Die 499
The Navy Scraps Development of Its Showpiece
Warship—Until the Next Bad Idea 500
Project ManageMent
achieving coMPetitive advantage
Jeffrey K. Pinto
Pennsylvania State University
Boston Columbus Indianapolis New York San Francisco
Hoboken Amsterdam
Cape Town Dubai London Madrid Milan Munich Paris Montreal
Toronto Delhi
Mexico City São Paulo Sydney Hong Kong Seoul Singapore
Taipei Tokyo
F o u r t h E d i t i o n
To Mary Beth, my wife, with the most profound thanks and love
for her unwavering
support. And, to our children, Emily, AJ, and Joseph—three
“projects” that are definitely

over budget but that are performing far better than I could have
hoped!
VP, Product Management: Donna Battista
Editor-in-Chief: Stephanie Wall
Acquisitions Editor: Dan Tylman
Program Manager Team Lead: Ashley Santora
Program Manager: Claudia Fernandes
Editorial Assistant: Linda Albelli
VP, Marketing: Maggie Moylan
Product Marketing Manager: Anne Fahlgren
Field Marketing Manager: Lenny Raper
Strategic Marketing Manager: Erin Gardner
Project Manager Team Lead: Judy Leale
Project Manager: Nicole Suddeth
Operations Specialist: Carol Melville
Cover Designer: Lumina Datamatics, Inc
Cover Photo: f11photo/Fotolia
VP, Director of Digital Strategy & Assessment:
Paul Gentile
Manager of Learning Applications: Paul Deluca
Digital Editor: Brian Surette
Digital Studio Manager: Diane Lombardo
Digital Studio Project Manager: Robin Lazrus
Digital Studio Project Manager: Alana Coles
Digital Studio Project Manager: Monique Lawrence
Digital Studio Project Manager: Regina DaSilva
Full-Service Project Management and Composition:
Integra
Printer/Binder: Edwards Brothers
Cover Printer: Phoenix Color/Hagerstown
Text Font: 10/12 Palatino
Credits and acknowledgments borrowed from other sources and

reproduced, with permission, in this textbook appear
on the appropriate page within text.
Microsoft and/or its respective suppliers make no
representations about the suitability of the information
contained
in the documents and related graphics published as part of the
services for any purpose. All such documents and
related graphics are provided “as is” without warranty of any
kind. Microsoft and/or its respective suppliers hereby
disclaim all warranties and conditions with regard to this
information, including all warranties and conditions of
merchantability, whether express, implied or statutory, fitness
for a particular purpose, title and non-infringement.
In no event shall Microsoft and/or its respective suppliers be
liable for any special, indirect or consequential damages
or any damages whatsoever resulting from loss of use, data or
profits, whether in an action of contract, negligence or
other tortious action, arising out of or in connection with the
use or performance of information available from the
services. The documents and related graphics contained herein
could include technical inaccuracies or typographical
errors. Changes are periodically added to the information
herein. Microsoft and/or its respective suppliers may make
improvements and/or changes in the product(s) and/or the
program(s) described herein at any time. Partial screen
shots may be viewed in full within the software version
specified.
Microsoft® Windows®, and Microsoft Office® are registered
trademarks of the Microsoft Corporation in the U.S.A.
and other countries. This book is not sponsored or endorsed by
or affiliated with the Microsoft Corporation.
Copyright © 2016, 2013, 2010, 2007 by Pearson Education, Inc.
All rights reserved. Manufactured in the United

States of America. This publication is protected by Copyright,
and permission should be obtained from the publisher
prior to any prohibited reproduction, storage in a retrieval
system, or transmission in any form or by any means,
electronic, mechanical, photocopying, recording, or likewise.
For information regarding permissions, request forms
and the appropriate contacts within the Pearson Education
Global Rights & Permissions department, please visit
www.pearsoned.com/permissions/.
Many of the designations by manufacturers and sellers to
distinguish their products are claimed as trademarks. Where
those designations appear in this book, and the publisher was
aware of a trademark claim, the designations have been
printed in initial caps or all caps.
Library of Congress Cataloging-in-Publication Data
Pinto, Jeffrey K.
Project management : achieving competitive advantage/Jeffrey
K. Pinto.—Fourth edition.
pages cm
Includes index.
ISBN 978-0-13-379807-4 (alk. paper)—ISBN 0-13-379807-0
(alk. paper) 1. Project management. I. Title.
HD69.P75P5498 2016
658.4'04—dc23
2014036595
10 9 8 7 6 5 4 3 2 1
ISBN 10: 0-13-379807-0
ISBN 13: 978-0-13-379807-4
http://www.pearsoned.com/permissions/

iii
BrIEF COnTEnTS
Preface xiii
Chapter 1 Introduction: Why Project Management? 1
Chapter 2 The Organizational Context: Strategy, Structure, and
Culture 36
Chapter 3 Project Selection and Portfolio Management 76
Chapter 4 Leadership and the Project Manager 115
Chapter 5 Scope Management 144
Chapter 6 Project Team Building, Conflict, and Negotiation
186
Chapter 7 Risk Management 223
Chapter 8 Cost Estimation and Budgeting 256
Chapter 9 Project Scheduling: Networks, Duration Estimation,
and Critical Path 296
Chapter 10 Project Scheduling: Lagging, Crashing, and
Activity Networks 330
Chapter 11 Advanced Topics in Planning and Scheduling: Agile
and Critical Chain 366
Chapter 12 Resource Management 400

Chapter 13 Project Evaluation and Control 431
Chapter 14 Project Closeout and Termination 477
Appendix A The Cumulative Standard Normal Distribution 509
Appendix B Tutorial for MS Project 2013 510
Appendix C Project Plan Template 520
Glossary 524
Company Index 534
Name Index 535
Subject Index 538
iv
COnTEnTS
Preface xiii
Chapter 1 IntroduCtIon: Why ProjeCt ManageMent? 1
Project Profile: Development Projects in Lagos, Nigeria 2
Introduction 4
1.1 What Is a Project? 5
General Project Characteristics 6
1.2 Why Are Projects Important? 9
Project Profile: “Throwing Good Money after Bad”: the BBC’s

Digital
Media Initiative 10
1.3 Project Life Cycles 13
◾ Box 1.1: Project Managers in Practice 15
1.4 Determinants of Project Success 16
◾ Box 1.2: Project Management Research in Brief 19
1.5 Developing Project Management Maturity 19
1.6 Project Elements and Text Organization 23
Summary 27 • Key Terms 29 • Discussion
Questions 29
• Case Study 1.1 MegaTech, Inc. 29 • Case Study 1.2
The IT
Department at Hamelin Hospital 30 • Case Study
1.3 Disney’s Expedition
Everest 31 • Case Study 1.4 Rescue of Chilean
Miners 32 • Internet
Exercises 33 • PMP Certification Sample Questions
34 • Notes 34
Chapter 2 the organIzatIonal Context: Strategy, StruCture,
and Culture 36
Project Profile: Tesla’s $5 Billion Gamble 37
Introduction 38
2.1 Projects and Organizational Strategy 39
2.2 Stakeholder Management 41
Identifying Project Stakeholders 42
Managing Stakeholders 45

2.3 Organizational Structure 47
2.4 Forms of Organizational Structure 48
Functional Organizations 48
Project Organizations 50
Matrix Organizations 53
Moving to Heavyweight Project Organizations 55
2.5 Project Management Offices 57
2.6 Organizational Culture 59
How Do Cultures Form? 61
Organizational Culture and Project Management 63
Project Profile: Electronic Arts and the Power of Strong Culture
in Design Teams 64
Questions 67 • Case
Study 2.1 Rolls-Royce Corporation 67 • Case Study 2.2
Classic Case:
Paradise Lost—The Xerox Alto 68 • Case Study 2.3
Project Task Estimation
and the Culture of “Gotcha!” 69 • Case Study 2.4
Widgets ’R Us 70
• Internet Exercises 70 • PMP Certification
Sample Questions 70
• Integrated Project—Building Your Project Plan 72
• Notes 74
Contents v

Chapter 3 ProjeCt SeleCtIon and PortfolIo ManageMent 76
Project Profile: Project Selection Procedures: A Cross-Industry
Sampler 77
Introduction 78
3.1 Project Selection 78
3.2 Approaches to Project Screening and Selection 80
Method One: Checklist Model 80
Method Two: Simplified Scoring Models 82
Limitations of Scoring Models 84
Method Three: The Analytical Hierarchy Process 84
Method Four: Profile Models 88
3.3 Financial Models 90
Payback Period 90
Net Present Value 92
Discounted Payback 94
Internal Rate of Return 94
Choosing a Project Selection Approach 96
Project Profile: Project Selection and Screening at GE: The
Tollgate Process 97
3.4 Project Portfolio Management 98
Objectives and Initiatives 99
Developing a Proactive Portfolio 100
Keys to Successful Project Portfolio Management 103
Problems in Implementing Portfolio Management 104
Summary 105 • Key Terms 106 • Solved
Problems 107
• Discussion Questions 108 • Problems 108 •
Case Study 3.1
Keflavik Paper Company 111 • Case Study 3.2 Project
Selection at Nova

Western, Inc. 112 • Internet Exercises 113 •
Notes 113
Chapter 4 leaderShIP and the ProjeCt Manager 115
Project Profile: Leading by Example for the London Olympics—
Sir John Armitt 116
Introduction 117
4.1 Leaders Versus Managers 118
4.2 How the Project Manager Leads 119
Acquiring Project Resources 119
Motivating and Building Teams 120
Having a Vision and Fighting Fires 121
Communicating 121
4.3 Traits of Effective Project Leaders 125
Conclusions about Project Leaders 126
Project Profile: Dr. Elattuvalapil Sreedharan, India’s Project
Management Guru 126
4.4 Project Champions 127
Champions—Who Are They? 128
What Do Champions Do? 129
How to Make a Champion 130
4.5 The New Project Leadership 131
Project Profile: The Challenge of Managing Internationally 133
4.6 Project Management Professionalism 134

vi Contents
Questions 136
• Case Study 4.1 In Search of Effective Project Managers 137
• Case Study 4.2 Finding the Emotional Intelligence to Be a
Real Leader 137
• Case Study 4.3 Problems with John 138 • Internet
Exercises 141
• PMP Certification Sample Questions 141 • Notes
142
Chapter 5 SCoPe ManageMent 144
Project Profile: “We look like fools.”—Oregon’s Failed Rollout
of Its Obamacare
Web Site 145
Introduction 146
5.1 Conceptual Development 148
The Statement of Work 150
The Project Charter 151
Project Profile: Statements of Work: Then and Now 151
5.2 The Scope Statement 153
The Work Breakdown Structure 153
Purposes of the Work Breakdown Structure 154
The Organization Breakdown Structure 159
The Responsibility Assignment Matrix 160
5.3 Work Authorization 161
Project Profile: Defining a Project Work Package 163

5.4 Scope Reporting 164
5.5 Control Systems 167
Configuration Management 167
5.6 Project Closeout 169
Questions 171
• Problems 172 • Case Study 5.1 Boeing’s Virtual
Fence 172
• Case Study 5.2 California’s High-Speed Rail Project
173 • Case
Study 5.3 Project Management at Dotcom.com 175 •
Case Study 5.4
The Expeditionary Fighting Vehicle 176 • Internet
Exercises 178
• PMP Certification Sample Questions 178 • MS
Project Exercises 179
• Appendix 5.1: Sample Project Charter 180 •
Integrated Project—
Developing the Work Breakdown Structure 182 •
Notes 184
Chapter 6 ProjeCt teaM BuIldIng, ConflICt, and negotIatIon
186
Project Profile: Engineers Without Borders: Project Teams
Impacting Lives 187
Introduction 188
6.1 Building the Project Team 189
Identify Necessary Skill Sets 189
Identify People Who Match the Skills 189
Talk to Potential Team Members and Negotiate with Functional
Heads 189

Build in Fallback Positions 191
Assemble the Team 191
6.2 Characteristics of Effective Project Teams 192
A Clear Sense of Mission 192
A Productive Interdependency 192
Cohesiveness 193
Trust 193
Enthusiasm 193
Results Orientation 194
Contents vii
6.3 Reasons Why Teams Fail 194
Poorly Developed or Unclear Goals 194
Poorly Defined Project Team Roles and Interdependencies 194
Lack of Project Team Motivation 195
Poor Communication 195
Poor Leadership 195
Turnover Among Project Team Members 196
Dysfunctional Behavior 196
6.4 Stages in Group Development 196
Stage One: Forming 197
Stage Two: Storming 197
Stage Three: Norming 198
Stage Four: Performing 198
Stage Five: Adjourning 198
Punctuated Equilibrium 198
6.5 Achieving Cross-Functional Cooperation 199
Superordinate Goals 199
Rules and Procedures 200
Physical Proximity 201

Accessibility 201
Outcomes of Cooperation: Task and Psychosocial Results 201
6.6 Virtual Project Teams 202
Project Profile: Tele-Immersion Technology Eases the Use
of Virtual Teams 203
6.7 Conflict Management 204
What Is Conflict? 205
Sources of Conflict 206
Methods for Resolving Conflict 208
6.8 Negotiation 209
Questions to Ask Prior to the Negotiation 209
Principled Negotiation 210
Invent Options for Mutual Gain 212
Insist on Using Objective Criteria 213
Questions 215 • Case
Study 6.1 Columbus Instruments 215 • Case Study 6.2
The Bean Counter
and the Cowboy 216 • Case Study 6.3 Johnson &
Rogers Software
Engineering, Inc. 217 • Exercise in Negotiation
219 • Internet
220 • Notes 221
Chapter 7 rISk ManageMent 223
Project Profile: The Building that Melted Cars 224
Introduction 225

7.1 Risk Management: A Four-Stage Process 228
Risk Identification 228
Project Profile: Bank of America Completely Misjudges Its
Customers 230
Risk Breakdown Structures 231
Analysis of Probability and Consequences 231
Risk Mitigation Strategies 234
viii Contents
Use of Contingency Reserves 236
Other Mitigation Strategies 237
Control and Documentation 237
Project Profile: Collapse of Shanghai Apartment Building 239
7.2 Project Risk Management: An Integrated Approach 241
Problem 244 • Discussion
Questions 244 • Problems 244 • Case Study 7.1
Classic Case: de
Havilland’s Falling Comet 245 • Case Study 7.2 The
Spanish Navy Pays
Nearly $3 Billion for a Submarine That Will Sink
Like a Stone 248 • Case
Study 7.3 Classic Case: Tacoma Narrows Suspension
Bridge 249 • Internet
251 • Integrated
Project—Project Risk Assessment 253 • Notes 255
Chapter 8 CoSt eStIMatIon and BudgetIng 256
Project Profile: Sochi Olympics—What’s the Cost of National
Prestige? 257

8.1 Cost Management 259
Direct Versus Indirect Costs 260
Recurring Versus Nonrecurring Costs 261
Fixed Versus Variable Costs 261
Normal Versus Expedited Costs 262
8.2 Cost Estimation 262
Learning Curves in Cost Estimation 266
Problems with Cost Estimation 272
8.3 Creating a Project Budget 275
Top-Down Budgeting 275
Bottom-Up Budgeting 276
Activity-Based Costing 276
8.4 Developing Budget Contingencies 278
Problems 282
• Discussion Questions 283 • Problems 284 •
Case Study 8.1 The
Hidden Costs of Infrastructure Projects—The Case of Building
Dams 286
• Case Study 8.2 Boston’s Central Artery/Tunnel Project
288 • Internet
290 • Integrated
Project—Developing the Cost Estimates and Budget
292 • Notes 294
Chapter 9 ProjeCt SChedulIng: netWorkS, duratIon
eStIMatIon,

and CrItICal Path 296
Project Profile: After 20 Years and More Than $50 Billion, Oil
is No Closer to the Surface:
The Caspian Kashagan Project 297
Introduction 298
9.1 Project Scheduling 299
9.2 Key Scheduling Terminology 300
9.3 Developing a Network 302
Labeling Nodes 303
Serial Activities 303
Concurrent Activities 303
Merge Activities 304
Burst Activities 305
9.4 Duration Estimation 307
Contents ix
9.5 Constructing the Critical Path 311
Calculating the Network 311
The Forward Pass 312
The Backward Pass 314
Probability of Project Completion 316
Laddering Activities 318
Hammock Activities 319
Options for Reducing the Critical Path 320

Problems 323 •
Discussion Questions 325 • Problems 325 •
Internet
Exercises 327 • MS Project Exercises 328 •
PMP Certification
Sample Questions 328 • Notes 329
Chapter 10 ProjeCt SChedulIng: laggIng, CraShIng, and
aCtIvIty
netWorkS 330
Project Profile: Enlarging the Panama Canal 331
Introduction 333
10.1 Lags in Precedence Relationships 333
Finish to Start 333
Finish to Finish 334
Start to Start 334
Start to Finish 335
10.2 Gantt Charts 335
Adding Resources to Gantt Charts 337
Incorporating Lags in Gantt Charts 338
10.3 Crashing Projects 340
Options for Accelerating Projects 340
Crashing the Project: Budget Effects 346
10.4 Activity-on-Arrow Networks 348
How Are They Different? 348
Dummy Activities 351
Forward and Backward Passes with AOA Networks 352
AOA Versus AON 353

10.5 Controversies in the Use of Networks 354
Conclusions 356
Problems 357 • Discussion
Questions 358 • Problems 358 • Case Study 10.1
Project Scheduling
at Blanque Cheque Construction (A) 360 • Case
Study 10.2 Project
Scheduling at Blanque Cheque Construction (B) 360
• MS Project
361 • Integrated
Project—Developing the Project Schedule 363 •
Notes 365
Chapter 11 advanCed toPICS In PlannIng and SChedulIng:
agIle
and CrItICal ChaIn 366
Project Profile: Developing Projects Through Kickstarter—Do
Delivery Dates Mean
Anything? 367
Introduction 368
11.1 Agile Project Management 369
What Is Unique About Agile PM? 370
x Contents
Tasks Versus Stories 371
Key Terms in Agile PM 372
Steps in Agile 373
Sprint Planning 374

Daily Scrums 374
The Development Work 374
Sprint Reviews 375
Sprint Retrospective 376
Problems with Agile 376
11.2 Extreme Programming (XP) 377
11.3 The Theory of Constraints and Critical Chain Project
Scheduling 377
Theory of Constraints 378
11.4 The Critical Chain
Solution
to Project Scheduling 379
Developing the Critical Chain Activity Network 381
Critical Chain

Cryptography and Network Security Principles and PracticeSeve.docx

Recommended

Recommended

More Related Content

Similar to Cryptography and Network Security Principles and PracticeSeve.docx

Similar to Cryptography and Network Security Principles and PracticeSeve.docx (20)

More from mydrynan

More from mydrynan (20)

Recently uploaded

Recently uploaded (20)

Cryptography and Network Security Principles and PracticeSeve.docx