TweetFollow Us on Twitter

Oct 99 Bookshelf

Volume Number: 15 (1999)
Issue Number: 10
Column Tag: Programmer's Bookshelf

Review: Cryptography and Network Security

by Paul E. Sevinc, Switzerland

Principles and Practice, 2nd edition

Cryptology is a topic more and more people in the IT business have to be familiar with. If you already know the basics and only need a reference manual so to speak, choosing the right book is easy: [Menezes et al. 1997]. But if you're looking for an introductory text book, you have an ordeal of choice. One book you'll often see recommended is [Schneier 1996]. In this article we're going to take a closer look at another one, namely the 2nd edition of Cryptography and Network Security: Principles and Practice [Stallings 1999].

The Big Picture

Cryptography and Network Security (CaNS for short) has been published by Prentice Hall and was written by William Stallings, an author with quite an impressive publication list (see <http://www.prenhall.com/stallings/>). Besides, famous cryptographers like Xuejia Lai, Ron Rivest, Phil Zimmermann and many others reviewed Stallings' treatment of their special fields. In my opinion, this makes the book very trustworthy.

Between the introduction and the appendix (for teachers), CaNS is organized in four parts: Conventional Encryption, Public-Key Encryption and Hash Functions, Network Security Practice, and System Security. The introduction discusses network security models and computer security threats, thereby motivating the remainder of the text.

From the very beginning, it is obvious that CaNS is not intended to be a popular-science book but rather for (prospective) scientists and engineers.

Conventional Encryption

The first part, chapters 2 to 5, deals with symmetric cryptography, i.e. schemes in which the same key is used for both encryption and decryption. Actually, the main focus is on so-called block ciphers while stream ciphers are hardly an issue. (There are two ways how to use block ciphers as stream ciphers, though, and Stallings explains both when he treats the four block-cipher modes of operation.) The math used in this part ñmodular arithmetic, linear equations, matricesñ should be basic to most programmers.

Chapters 2 & 3 treat the building blocks of both classical and modern symmetric algorithms and show how these are used within DES, the Data Encryption Standard. With the exception of the one-time pad, the classical algorithms are nowadays insecure, but still interesting for more than just historical reasons. Chapter 3 ends with general design principles of and attacks on block ciphers. I find this to be useful to practitioners who have to decide on and implement an algorithm, not to hackers :-)

Unless interested in details of different algorithms currently in use, the reader can safely skip most of chapter 4. Nevertheless, the first section is important because it contains information about the Men-in-the-Middle attack, and the last section is a good summary of the rest of the chapter.

Most of us don't really need to know how exactly encryption works. But if we use it, we better use it right. In chapter 5, Stallings explains where and how symmetric schemes can be used in an internetwork, including the non-trivial task of key distribution. One problem in this context is generating good pseudo-random numbers. Different approaches are mentioned, but only very briefly.

Public-Key Encryption and Hash Functions

The second part, chapters 6 to 10, deals with functions that map variable-length data into a fixed-length value and with asymmetric cryptography, i.e. schemes in which different keys are used for encryption and decryption. This part is more mathematical than the last as public-key cryptosystems are heavily based on number theory, the subject of chapter 7. (Stallings only introduces what is necessary for understanding CaNS. If you're not familiar with number theory, I suggest you read this chapter before the 6th.)

Starting with the principles of public-key cryptography, chapter 6 presents RSA, the Rivest-Shamir-Adleman algorithm, the Diffie-Hellman key-exchange protocol, and key-management issues in general. At the end of this chapter, there's a short section about elliptic-curve cryptography, a hot topic of growing importance, which I highly appreciated.

Similar to chapters 3 & 4, chapter 8 first treats requirements and design principles of, as well as attacks on cryptographic hash functions and message authentication codes (key-dependent hash functions so to speak), and then chapter 9 describes four concrete algorithms in detail: MD5, SHA-1, RIPEMD-160 (that's what I call an acronym!), and HMAC.

Chapter 10 concludes the second part with a discussion of authentication protocols and digital signatures. The former include such based on symmetric cryptography, the latter DSS, the Digital Signature Standard.

Network Security Practice

The chapters in the third part (11-14) can be consulted in any order the reader likes. The prerequisites have been covered in the first two parts. This part is a nice add-on to older, in terms of IT years, computer-network books that don't cover network security (in enough detail). It includes sections on Kerberos, X.509, PGP, S/MIME, IPSec, SSL/TLS, and SET.

Kerberos and X.509 are for authentication purposes. PGP, Pretty Good Privacy, and S/MIME, Secure/Multipurpose Internet Mail Extensions, provide e-mail security. IPSec comprises the security features that have been defined for IPv6, but that can also be used with IPv4. (Those of you familiar with IP, the Internet Protocol, know that we're currently making the [slow] transition from IPv4 to IPv6.) SSL is Netscape's Secure Socket Layer which has become Transport Layer Security, an Internet standard. Finally, SET, Secure Electronic Transaction, is a specification initiated by MasterCard and Visa for credit-card payments over the internet.

By carefully reading several of these case studies, one gets a good idea of the trade-offs (e.g., security vs. complexity) involved in the design of cryptographic protocols. This is supported by Stallings' clear and concise writing and his judicious use of figures and tables.

System Security

The last part, chapters 15 & 16, is very high-level and easy to understand. However, it only provides an overview and can't replace an in-depth (and more technical) treatment of the same topics.

I was blown away by chapter 15. It is about intruders (i.e., hackers and crackers) and malicious programs, especially viruses. The many ñsometimes ingeniousñ ways of attacking a computer system and their countermeasures make for very exciting reading; look forward to a rainy Sunday!

Chapter 16 is a short chapter about the principles and goals underlying firewalls. It ends with a section on so-called trusted systems and how these can be used to defend against trojan horses.

Conclusion

CaNS is a very good introduction to cryptography, enabling you to understand and discuss the security of practical cryptosystems (e.g., the Mac OS keychain). But if you intend to develop or consult on cryptosystems yourself, you need to know more about number and information theory (see the seminal [Shannon 1948]) than is covered by Stallings. The parts about network and system security are good, too, even though they might not be applied enough for some readers (e.g., system administrators).

Every chapter ends with a set of non-trivial problems (the solutions are not part of the book). Some chapters additionally feature an appendix of their own, for example about ZIP's compression algorithm, the Birthday paradox, IPv4 and IPv6, etc. These appendices increase CaNS' usefulness and are thus worth being studied.

Finally, a five-page glossary and a one-page list of acronyms conclude this highly recommendable book.

Acknowledgments

I would like to thank Neso Atanasoski for his comments on this article and Andrew S. Downs for his editing of my Core Java review (May issue). Sorry for the delay, Andrew!

References

  • [Menezes et al. 1997] MENEZES, Alfred J., VAN OORSCHOT Paul C., VANSTONE, Scott A. ñ Handbook of Applied Cryptography, CRC Press, 1997.
  • [Schneier 1996] SCHNEIER, Bruce. ñ Applied Cryptography, Wiley, 2nd ed. 1996.
  • [Shannon 1948] SHANNON, Claude E. ñ A Mathematical Theory of Communication, pp. 379-423 (623-656) in: The Bell System Technical Journal, volume 27, July (October) 1948.
  • [Stallings 1999] STALLINGS, William. ñ Cryptography and Network Security: Principles and Practice, Prentice Hall, 2nd ed. 1999.

Paul is an EE student at the Swiss Federal Institute of Technology Zurich (ETHZ) where he might spend another three years if he accepts the Ph.D. position offered to him. But as he feels like living in the US for some time, he's wondering whether he should rather join a R&D department in Silicon Hills or Silicon Valley. While he's thinking about this, visit his homepage at http://www.stud.ee.ethz.ch/~psevinc/.

 
AAPL
$111.78
Apple Inc.
-0.87
MSFT
$47.66
Microsoft Corpora
+0.14
GOOG
$516.35
Google Inc.
+5.25

MacTech Search:
Community Search:

Software Updates via MacUpdate

NeoOffice 2014.6 - Mac-tailored, OpenOff...
NeoOffice is a complete office suite for OS X. With NeoOffice, users can view, edit, and save OpenOffice documents, PDF files, and most Microsoft Word, Excel, and PowerPoint documents. NeoOffice 3.x... Read more
LibreOffice 4.3.5.2 - Free Open Source o...
LibreOffice is an office suite (word processor, spreadsheet, presentations, drawing tool) compatible with other major office suites. The Document Foundation is coordinating development and... Read more
CleanApp 5.0.0 Beta 5 - Application dein...
CleanApp is an application deinstaller and archiver.... Your hard drive gets fuller day by day, but do you know why? CleanApp 5 provides you with insights how to reclaim disk space. There are... Read more
Monolingual 1.6.2 - Remove unwanted OS X...
Monolingual is a program for removing unnecesary language resources from OS X, in order to reclaim several hundred megabytes of disk space. It requires a 64-bit capable Intel-based Mac and at least... Read more
NetShade 6.1 - Browse privately using an...
NetShade is an Internet security tool that conceals your IP address on the web. NetShade routes your Web connection through either a public anonymous proxy server, or one of NetShade's own dedicated... Read more
calibre 2.13 - Complete e-library manage...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
Mellel 3.3.7 - Powerful word processor w...
Mellel is the leading word processor for OS X and has been widely considered the industry standard since its inception. Mellel focuses on writers and scholars for technical writing and multilingual... Read more
ScreenFlow 5.0.1 - Create screen recordi...
Save 10% with the exclusive MacUpdate coupon code: AFMacUpdate10 Buy now! ScreenFlow is powerful, easy-to-use screencasting software for the Mac. With ScreenFlow you can record the contents of your... Read more
Simon 4.0 - Monitor changes and crashes...
Simon monitors websites and alerts you of crashes and changes. Select pages to monitor, choose your alert options, and customize your settings. Simon does the rest. Keep a watchful eye on your... Read more
BBEdit 11.0.2 - Powerful text and HTML e...
BBEdit is the leading professional HTML and text editor for the Mac. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides a... Read more

Latest Forum Discussions

See All

Make your own Tribez Figures (and More)...
Make your own Tribez Figures (and More) with Toyze Posted by Jessica Fisher on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
So Many Holiday iOS Sales Oh My Goodness...
The holiday season is in full-swing, which means a whole lot of iOS apps and games are going on sale. A bunch already have, in fact. Naturally this means we’re putting together a hand-picked list of the best discounts and sales we can find in order... | Read more »
It’s Bird vs. Bird in the New PvP Mode f...
It’s Bird vs. Bird in the New PvP Mode for Angry Birds Epic Posted by Jessica Fisher on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Telltale Games and Mojang Announce Minec...
Telltale Games and Mojang Announce Minecraft: Story Mode – A Telltale Games Series Posted by Jessica Fisher on December 19th, 2014 [ permalink ] | Read more »
WarChest and Splash Damage Annouce Their...
WarChest and Splash Damage Annouce Their New Game: Tempo Posted by Jessica Fisher on December 19th, 2014 [ permalink ] WarChest Ltd and Splash Damage Ltd are teaming up again to work | Read more »
BulkyPix Celebrates its 6th Anniversary...
BulkyPix Celebrates its 6th Anniversary with a Bunch of Free Games Posted by Jessica Fisher on December 19th, 2014 [ permalink ] BulkyPix has | Read more »
Indulge in Japanese cuisine in Cooking F...
Indulge in Japanese cuisine in Cooking Fever’s new sushi-themed update Posted by Simon Reed on December 19th, 2014 [ permalink ] Lithuanian developer Nordcurrent has yet again updated its restaurant simulat | Read more »
Badland Daydream Level Pack Arrives to C...
Badland Daydream Level Pack Arrives to Celebrate 20 Million Downloads Posted by Ellis Spice on December 19th, 2014 [ permalink ] | Read more »
Far Cry 4, Assassin’s Creed Unity, Desti...
Far Cry 4, Assassin’s Creed Unity, Destiny, and Beyond – AppSpy Takes a Look at AAA Companion Apps Posted by Rob Rich on December 19th, 2014 [ permalink ] These day | Read more »
A Bunch of Halfbrick Games Are Going Fre...
A Bunch of Halfbrick Games Are Going Free for the Holidays Posted by Ellis Spice on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »

Price Scanner via MacPrices.net

13-inch 2.6GHz Retina MacBook Pro on sale for...
Best Buy has lowered their price on the 2014 13″ 2.6GHz/128GB Retina MacBook Pro to $1149.99 on their online store for a limited time. That’s $150 off MSRP and the lowest price available for this... Read more
Kodak Returns to CES With New Consumer Produ...
Former photography colossus Kodak is returning to CES for the first time in three years where the Kodak booth (#21818 South Hall 1) will showcase a wide range of innovative, imaging-related products... Read more
Invaluable Launches New Eponymously -Named A...
Invaluable, the world’s largest online live auction marketplace, hhas announced the official launch of the Invaluable app for iPad, now available for download in the iTunes App Store. Invaluable... Read more
IDC Reveals Worldwide Mobile Enterprise Appli...
International Data Corporation (IDC) last week hosted the IDC FutureScape: Worldwide Mobile Enterprise Applications and Solutions 2015 Predictions Web conference. The session provided organizations... Read more
Hello Vino Wine App Launches “Safe Ride Home”...
Hello Vino has announced addition of a new “Get a Safe Ride Home” feature in its Food & Drink app with a direct connection to Uber, the technology platform that connects users with rides. The... Read more
DEVON-technologies Releases DEVONthink To Go...
Coeur d’Alene, Idaho based DEVON-technologies, LLC has updated DEVONthink To Go, its mobile companion to DEVONthink, to version 1.5. The update includes an iOS 8 extension, compatibility with the... Read more
The Apple Store offering free next-day shippi...
The Apple Store is now offering free next-day shipping on all in stock items if ordered before 12/23/14 at 10:00am PT. Local store pickup is also available within an hour of ordering for any in stock... Read more
It’s 1992 Again At Sony Pictures, Except For...
Techcrunch’s John Biggs interviewed a Sony Pictures Entertainment (SPE) employee, who quite understandably wished to remain anonymous, regarding post-hack conditions in SPE’s L.A office, explaining “... Read more
OtterBox Defender Series Case For iPad mini 3...
With their innovative Touch ID technology and ultrathin profile, the latest tranche of Apple iPads are more desirable than ever, and OtterBox has just announced the Defender Series custom-engineered... Read more
Holiday sales this weekend: MacBook Pros for...
 B&H Photo has new MacBook Pros on sale for up to $300 off MSRP as part of their Holiday pricing. Shipping is free, and B&H charges NY sales tax only: - 15″ 2.2GHz Retina MacBook Pro: $1699... Read more

Jobs Board

*Apple* Store Leader Program (US) - Apple, I...
…Summary Learn and grow as you explore the art of leadership at the Apple Store. You'll master our retail business inside and out through training, hands-on experience, Read more
Project Manager, *Apple* Financial Services...
**Job Summary** Apple Financial Services (AFS) offers consumers, businesses and educational institutions ways to finance Apple purchases. We work with national and Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.