TweetFollow Us on Twitter

Oct 99 Bookshelf

Volume Number: 15 (1999)
Issue Number: 10
Column Tag: Programmer's Bookshelf

Review: Cryptography and Network Security

by Paul E. Sevinc, Switzerland

Principles and Practice, 2nd edition

Cryptology is a topic more and more people in the IT business have to be familiar with. If you already know the basics and only need a reference manual so to speak, choosing the right book is easy: [Menezes et al. 1997]. But if you're looking for an introductory text book, you have an ordeal of choice. One book you'll often see recommended is [Schneier 1996]. In this article we're going to take a closer look at another one, namely the 2nd edition of Cryptography and Network Security: Principles and Practice [Stallings 1999].

The Big Picture

Cryptography and Network Security (CaNS for short) has been published by Prentice Hall and was written by William Stallings, an author with quite an impressive publication list (see <http://www.prenhall.com/stallings/>). Besides, famous cryptographers like Xuejia Lai, Ron Rivest, Phil Zimmermann and many others reviewed Stallings' treatment of their special fields. In my opinion, this makes the book very trustworthy.

Between the introduction and the appendix (for teachers), CaNS is organized in four parts: Conventional Encryption, Public-Key Encryption and Hash Functions, Network Security Practice, and System Security. The introduction discusses network security models and computer security threats, thereby motivating the remainder of the text.

From the very beginning, it is obvious that CaNS is not intended to be a popular-science book but rather for (prospective) scientists and engineers.

Conventional Encryption

The first part, chapters 2 to 5, deals with symmetric cryptography, i.e. schemes in which the same key is used for both encryption and decryption. Actually, the main focus is on so-called block ciphers while stream ciphers are hardly an issue. (There are two ways how to use block ciphers as stream ciphers, though, and Stallings explains both when he treats the four block-cipher modes of operation.) The math used in this part ñmodular arithmetic, linear equations, matricesñ should be basic to most programmers.

Chapters 2 & 3 treat the building blocks of both classical and modern symmetric algorithms and show how these are used within DES, the Data Encryption Standard. With the exception of the one-time pad, the classical algorithms are nowadays insecure, but still interesting for more than just historical reasons. Chapter 3 ends with general design principles of and attacks on block ciphers. I find this to be useful to practitioners who have to decide on and implement an algorithm, not to hackers :-)

Unless interested in details of different algorithms currently in use, the reader can safely skip most of chapter 4. Nevertheless, the first section is important because it contains information about the Men-in-the-Middle attack, and the last section is a good summary of the rest of the chapter.

Most of us don't really need to know how exactly encryption works. But if we use it, we better use it right. In chapter 5, Stallings explains where and how symmetric schemes can be used in an internetwork, including the non-trivial task of key distribution. One problem in this context is generating good pseudo-random numbers. Different approaches are mentioned, but only very briefly.

Public-Key Encryption and Hash Functions

The second part, chapters 6 to 10, deals with functions that map variable-length data into a fixed-length value and with asymmetric cryptography, i.e. schemes in which different keys are used for encryption and decryption. This part is more mathematical than the last as public-key cryptosystems are heavily based on number theory, the subject of chapter 7. (Stallings only introduces what is necessary for understanding CaNS. If you're not familiar with number theory, I suggest you read this chapter before the 6th.)

Starting with the principles of public-key cryptography, chapter 6 presents RSA, the Rivest-Shamir-Adleman algorithm, the Diffie-Hellman key-exchange protocol, and key-management issues in general. At the end of this chapter, there's a short section about elliptic-curve cryptography, a hot topic of growing importance, which I highly appreciated.

Similar to chapters 3 & 4, chapter 8 first treats requirements and design principles of, as well as attacks on cryptographic hash functions and message authentication codes (key-dependent hash functions so to speak), and then chapter 9 describes four concrete algorithms in detail: MD5, SHA-1, RIPEMD-160 (that's what I call an acronym!), and HMAC.

Chapter 10 concludes the second part with a discussion of authentication protocols and digital signatures. The former include such based on symmetric cryptography, the latter DSS, the Digital Signature Standard.

Network Security Practice

The chapters in the third part (11-14) can be consulted in any order the reader likes. The prerequisites have been covered in the first two parts. This part is a nice add-on to older, in terms of IT years, computer-network books that don't cover network security (in enough detail). It includes sections on Kerberos, X.509, PGP, S/MIME, IPSec, SSL/TLS, and SET.

Kerberos and X.509 are for authentication purposes. PGP, Pretty Good Privacy, and S/MIME, Secure/Multipurpose Internet Mail Extensions, provide e-mail security. IPSec comprises the security features that have been defined for IPv6, but that can also be used with IPv4. (Those of you familiar with IP, the Internet Protocol, know that we're currently making the [slow] transition from IPv4 to IPv6.) SSL is Netscape's Secure Socket Layer which has become Transport Layer Security, an Internet standard. Finally, SET, Secure Electronic Transaction, is a specification initiated by MasterCard and Visa for credit-card payments over the internet.

By carefully reading several of these case studies, one gets a good idea of the trade-offs (e.g., security vs. complexity) involved in the design of cryptographic protocols. This is supported by Stallings' clear and concise writing and his judicious use of figures and tables.

System Security

The last part, chapters 15 & 16, is very high-level and easy to understand. However, it only provides an overview and can't replace an in-depth (and more technical) treatment of the same topics.

I was blown away by chapter 15. It is about intruders (i.e., hackers and crackers) and malicious programs, especially viruses. The many ñsometimes ingeniousñ ways of attacking a computer system and their countermeasures make for very exciting reading; look forward to a rainy Sunday!

Chapter 16 is a short chapter about the principles and goals underlying firewalls. It ends with a section on so-called trusted systems and how these can be used to defend against trojan horses.

Conclusion

CaNS is a very good introduction to cryptography, enabling you to understand and discuss the security of practical cryptosystems (e.g., the Mac OS keychain). But if you intend to develop or consult on cryptosystems yourself, you need to know more about number and information theory (see the seminal [Shannon 1948]) than is covered by Stallings. The parts about network and system security are good, too, even though they might not be applied enough for some readers (e.g., system administrators).

Every chapter ends with a set of non-trivial problems (the solutions are not part of the book). Some chapters additionally feature an appendix of their own, for example about ZIP's compression algorithm, the Birthday paradox, IPv4 and IPv6, etc. These appendices increase CaNS' usefulness and are thus worth being studied.

Finally, a five-page glossary and a one-page list of acronyms conclude this highly recommendable book.

Acknowledgments

I would like to thank Neso Atanasoski for his comments on this article and Andrew S. Downs for his editing of my Core Java review (May issue). Sorry for the delay, Andrew!

References

  • [Menezes et al. 1997] MENEZES, Alfred J., VAN OORSCHOT Paul C., VANSTONE, Scott A. ñ Handbook of Applied Cryptography, CRC Press, 1997.
  • [Schneier 1996] SCHNEIER, Bruce. ñ Applied Cryptography, Wiley, 2nd ed. 1996.
  • [Shannon 1948] SHANNON, Claude E. ñ A Mathematical Theory of Communication, pp. 379-423 (623-656) in: The Bell System Technical Journal, volume 27, July (October) 1948.
  • [Stallings 1999] STALLINGS, William. ñ Cryptography and Network Security: Principles and Practice, Prentice Hall, 2nd ed. 1999.

Paul is an EE student at the Swiss Federal Institute of Technology Zurich (ETHZ) where he might spend another three years if he accepts the Ph.D. position offered to him. But as he feels like living in the US for some time, he's wondering whether he should rather join a R&D department in Silicon Hills or Silicon Valley. While he's thinking about this, visit his homepage at http://www.stud.ee.ethz.ch/~psevinc/.

 
AAPL
$116.48
Apple Inc.
+1.81
MSFT
$48.58
Microsoft Corpora
+0.36
GOOG
$533.50
Google Inc.
-3.49

MacTech Search:
Community Search:

Software Updates via MacUpdate

PhotoDesk 3.0.1 - Instagram client for p...
PhotoDesk lets you view, like, comment, and download Instagram pictures/videos! (NO Uploads! / Image Posting! Instagram forbids that! AND you *need* an *existing* Instagram account). But you can do... Read more
SuperDuper! 2.7.3 - Advanced disk clonin...
SuperDuper! is an advanced, yet easy to use disk copying program. It can, of course, make a straight copy, or "clone" -- useful when you want to move all your data from one machine to another, or do... Read more
MacJournal 6.1.5 - Create, maintain, and...
MacJournal is the world's most popular journaling software for the Mac. MacJournal 6 adds a calendar mode that show entries from any journal, geolocation, word count, and progress tracking, as well... Read more
Skim 1.4.10 - PDF Reader and note-taker...
Skim is a PDF reader and note-taker for OS X. It is designed to help you read and annotate scientific papers in PDF, but is also great for viewing any PDF file. Skim includes many features and has a... Read more
FontExplorer X Pro 4.2.2 - Font manageme...
FontExplorer X Pro is optimized for professional use; it's the solution that gives you the power you need to manage all your fonts. Now you can more easily manage, activate and organize your... Read more
SoftRAID 5.0.5 - High-quality RAID manag...
SoftRAID allows you to create and manage disk arrays to increase performance and reliability. SoftRAID's intuitive interface and powerful feature set makes this utility a must have for any Mac OS X... Read more
DEVONthink Pro 2.8.2 - Knowledge base, i...
Save 10% with our exclusive coupon code: MACUPDATE10 DEVONthink Pro is your essential assistant for today's world, where almost everything is digital. From shopping receipts to important research... Read more
Airmail 2.0.1 - Powerful, minimal email...
Airmail 2 is a new mail client designed for OS X 10.10 Yosemite with fast performance and intuitive interaction. Support for iCloud, MS Exchange, Gmail, Google Apps, IMAP, POP3, Yahoo!, AOL, Outlook.... Read more
Together 3.3.3 - Store and organize all...
Together helps you organize your Mac, giving you the ability to store, edit and preview your files in a single clean, uncluttered interface. Smart storage. With simple drag-and-drop functionality,... Read more
OsiriX 6.0.1 - 3D medical image processi...
OsiriX is an image processing software dedicated to DICOM images (".dcm" / ".DCM" extension) produced by medical equipment (MRI, CT, PET, PET-CT, ...) and confocal microscopy (LSM and BioRAD-PIC... Read more

Latest Forum Discussions

See All

Tapventures Review
Tapventures Review By Jennifer Allen on November 20th, 2014 Our Rating: :: ODDLY COMPELLINGUniversal App - Designed for iPhone and iPad Tapventures is an increasingly hands-off one-tap RPG, but expect it to hook you despite your... | Read more »
Who Wore it Best? The Hunger Games: Girl...
With The Hunger Games: Mockingjay Part 1 out this weekend, Who Wore it Best? pits two Hunger Games tie-ins, Girl on Fire and Panem Run, against each other in a brutal and pointless fight to the death. I wonder where we got that idea from? | Read more »
Ironkill Review
Ironkill Review By Jennifer Allen on November 20th, 2014 Our Rating: :: LACKLUSTER PUNCHINGUniversal App - Designed for iPhone and iPad Ironkill is a freemium focused fighting game that doesn’t offer particularly thrilling fights... | Read more »
Real-Time Multiplayer Match-3 RPG Crusad...
Real-Time Multiplayer Match-3 RPG Crusaders Quest Set to Launch Next Month Posted by Ellis Spice on November 20th, 2014 [ permalink ] | Read more »
Checkpoint Champion Review
Checkpoint Champion Review By Jennifer Allen on November 20th, 2014 Our Rating: :: SPEEDY DRIFTINGUniversal App - Designed for iPhone and iPad Checkpoint Champion is a drift-focused racing game that’s ideal for short but fun gaming... | Read more »
MediaFire iOS 8 Native Update Brings New...
MediaFire iOS 8 Native Update Brings New “Power Upload” Feature to iPad and iPhone Posted by Jessica Fisher on November 20th, 2014 [ | Read more »
Mark of the Dragon Review
Mark of the Dragon Review By Nadia Oxford on November 20th, 2014 Our Rating: :: TRAIN YOUR DRAGON FOR WARUniversal App - Designed for iPhone and iPad Mark of the Dragon is a bit rough and scaly, but flying into battle on the backs... | Read more »
My PlayHome School (Entertainment)
My PlayHome School 1.0.1 Device: iOS Universal Category: Entertainment Price: $2.99, Version: 1.0.1 (iTunes) Description: New from the creators of the award winning "My PlayHome"! "My PlayHome School" expands the PlayHome world into... | Read more »
Strap On Your Nope Hat – Five Nights at...
Strap On Your Nope Hat – Five Nights at Freddy’s 2 is Now Available for iOS. Posted by Jessica Fisher on November 20th, 2014 [ permalink ] | Read more »
My PomPom
My PomPom By Nadia Oxford on November 20th, 2014 Our Rating: :: SEND IT BACKUniversal App - Designed for iPhone and iPad My PomPom probably won’t hold your interest long enough to truly become your PomPom.   | Read more »

Price Scanner via MacPrices.net

64GB iPod touch on sale for $249, save $50
Best Buy has the 64GB iPod touch on sale for $249 on their online store for a limited time. Their price is $50 off MSRP. Choose free shipping or free local store pickup (if available). Sale price for... Read more
15″ 2.2GHz Retina MacBook Pro on sale for $17...
 B&H Photo has the 2014 15″ 2.2GHz Retina MacBook Pro on sale for $1799.99 for a limited time. Shipping is free, and B&H charges NY sales tax only. B&H will also include free copies of... Read more
New Logitech AnyAngle Case/Stand Brings Flexi...
Logitec has announced the newest addition to its suite of tablet products — the Logitech AnyAngle. A protective case with an any-angle stand for iPad Air 2 and all iPad mini models, AnyAngle is the... Read more
2013 15-inch 2.0GHz Retina MacBook Pro availa...
B&H Photo has leftover previous-generation 15″ 2.0GHz Retina MacBook Pros available for $1499 including free shipping plus NY sales tax only. Their price is $500 off original MSRP. B&H will... Read more
16GB Retina iPad mini on sale today for $199,...
 Staples has 2nd generation 16GB Retina iPad minis on sale for $199 on their online store for a limited time. Their price is $100 off MSRP. Choose free shipping or free local store pickup (if... Read more
Developers Start Designing Apps for Apple Wat...
Apple has announced the availability of WatchKit, software that gives developers a set of tools to easily create experiences designed specifically for Apple Watch. Apple’s developer community can now... Read more
C Spire Launches iPad Air 2 and iPad Mini 3 o...
C Spire has announced that iPad Air 2 with Wi-Fi + Cellular and iPad mini 3 with Wi-Fi + Cellular are now available on its 4G LTE network. C Spire offers both new iPads with a range of data plans... Read more
Are You On Your Last PC? – The ‘Book Mystique
Will your current PC be your last? Quite possibly so if you define “personal computer” as a traditional desktop or laptop form factor machine according to some commentators. So then, the upshot that... Read more
Save up to $180 on MacBook Airs with Apple re...
The Apple Store has Apple Certified Refurbished 2014 MacBook Airs available for up to $180 off the cost of new models. An Apple one-year warranty is included with each MacBook, and shipping is free.... Read more
16GB iPad mini available for $219, save $30
Walmart has 16GB iPad minis (1st generation) available for $219 on their online store. Their price is $30 off MSRP. Choose free shipping or free store pickup (if available). Price for online orders... Read more

Jobs Board

*Apple* Store Leader Program - College Gradu...
Job Description: Job Summary As an Apple Store Leader Program agent, you can continue your education as you major in the art of leadership at the Apple Store. You'll Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Project Manager / Business Analyst, WW *Appl...
…a senior project manager / business analyst to work within our Worldwide Apple Fulfillment Operations and the Business Process Re-engineering team. This role will work Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.