TweetFollow Us on Twitter

Oct 99 Bookshelf

Volume Number: 15 (1999)
Issue Number: 10
Column Tag: Programmer's Bookshelf

Review: Cryptography and Network Security

by Paul E. Sevinc, Switzerland

Principles and Practice, 2nd edition

Cryptology is a topic more and more people in the IT business have to be familiar with. If you already know the basics and only need a reference manual so to speak, choosing the right book is easy: [Menezes et al. 1997]. But if you're looking for an introductory text book, you have an ordeal of choice. One book you'll often see recommended is [Schneier 1996]. In this article we're going to take a closer look at another one, namely the 2nd edition of Cryptography and Network Security: Principles and Practice [Stallings 1999].

The Big Picture

Cryptography and Network Security (CaNS for short) has been published by Prentice Hall and was written by William Stallings, an author with quite an impressive publication list (see <http://www.prenhall.com/stallings/>). Besides, famous cryptographers like Xuejia Lai, Ron Rivest, Phil Zimmermann and many others reviewed Stallings' treatment of their special fields. In my opinion, this makes the book very trustworthy.

Between the introduction and the appendix (for teachers), CaNS is organized in four parts: Conventional Encryption, Public-Key Encryption and Hash Functions, Network Security Practice, and System Security. The introduction discusses network security models and computer security threats, thereby motivating the remainder of the text.

From the very beginning, it is obvious that CaNS is not intended to be a popular-science book but rather for (prospective) scientists and engineers.

Conventional Encryption

The first part, chapters 2 to 5, deals with symmetric cryptography, i.e. schemes in which the same key is used for both encryption and decryption. Actually, the main focus is on so-called block ciphers while stream ciphers are hardly an issue. (There are two ways how to use block ciphers as stream ciphers, though, and Stallings explains both when he treats the four block-cipher modes of operation.) The math used in this part ñmodular arithmetic, linear equations, matricesñ should be basic to most programmers.

Chapters 2 & 3 treat the building blocks of both classical and modern symmetric algorithms and show how these are used within DES, the Data Encryption Standard. With the exception of the one-time pad, the classical algorithms are nowadays insecure, but still interesting for more than just historical reasons. Chapter 3 ends with general design principles of and attacks on block ciphers. I find this to be useful to practitioners who have to decide on and implement an algorithm, not to hackers :-)

Unless interested in details of different algorithms currently in use, the reader can safely skip most of chapter 4. Nevertheless, the first section is important because it contains information about the Men-in-the-Middle attack, and the last section is a good summary of the rest of the chapter.

Most of us don't really need to know how exactly encryption works. But if we use it, we better use it right. In chapter 5, Stallings explains where and how symmetric schemes can be used in an internetwork, including the non-trivial task of key distribution. One problem in this context is generating good pseudo-random numbers. Different approaches are mentioned, but only very briefly.

Public-Key Encryption and Hash Functions

The second part, chapters 6 to 10, deals with functions that map variable-length data into a fixed-length value and with asymmetric cryptography, i.e. schemes in which different keys are used for encryption and decryption. This part is more mathematical than the last as public-key cryptosystems are heavily based on number theory, the subject of chapter 7. (Stallings only introduces what is necessary for understanding CaNS. If you're not familiar with number theory, I suggest you read this chapter before the 6th.)

Starting with the principles of public-key cryptography, chapter 6 presents RSA, the Rivest-Shamir-Adleman algorithm, the Diffie-Hellman key-exchange protocol, and key-management issues in general. At the end of this chapter, there's a short section about elliptic-curve cryptography, a hot topic of growing importance, which I highly appreciated.

Similar to chapters 3 & 4, chapter 8 first treats requirements and design principles of, as well as attacks on cryptographic hash functions and message authentication codes (key-dependent hash functions so to speak), and then chapter 9 describes four concrete algorithms in detail: MD5, SHA-1, RIPEMD-160 (that's what I call an acronym!), and HMAC.

Chapter 10 concludes the second part with a discussion of authentication protocols and digital signatures. The former include such based on symmetric cryptography, the latter DSS, the Digital Signature Standard.

Network Security Practice

The chapters in the third part (11-14) can be consulted in any order the reader likes. The prerequisites have been covered in the first two parts. This part is a nice add-on to older, in terms of IT years, computer-network books that don't cover network security (in enough detail). It includes sections on Kerberos, X.509, PGP, S/MIME, IPSec, SSL/TLS, and SET.

Kerberos and X.509 are for authentication purposes. PGP, Pretty Good Privacy, and S/MIME, Secure/Multipurpose Internet Mail Extensions, provide e-mail security. IPSec comprises the security features that have been defined for IPv6, but that can also be used with IPv4. (Those of you familiar with IP, the Internet Protocol, know that we're currently making the [slow] transition from IPv4 to IPv6.) SSL is Netscape's Secure Socket Layer which has become Transport Layer Security, an Internet standard. Finally, SET, Secure Electronic Transaction, is a specification initiated by MasterCard and Visa for credit-card payments over the internet.

By carefully reading several of these case studies, one gets a good idea of the trade-offs (e.g., security vs. complexity) involved in the design of cryptographic protocols. This is supported by Stallings' clear and concise writing and his judicious use of figures and tables.

System Security

The last part, chapters 15 & 16, is very high-level and easy to understand. However, it only provides an overview and can't replace an in-depth (and more technical) treatment of the same topics.

I was blown away by chapter 15. It is about intruders (i.e., hackers and crackers) and malicious programs, especially viruses. The many ñsometimes ingeniousñ ways of attacking a computer system and their countermeasures make for very exciting reading; look forward to a rainy Sunday!

Chapter 16 is a short chapter about the principles and goals underlying firewalls. It ends with a section on so-called trusted systems and how these can be used to defend against trojan horses.

Conclusion

CaNS is a very good introduction to cryptography, enabling you to understand and discuss the security of practical cryptosystems (e.g., the Mac OS keychain). But if you intend to develop or consult on cryptosystems yourself, you need to know more about number and information theory (see the seminal [Shannon 1948]) than is covered by Stallings. The parts about network and system security are good, too, even though they might not be applied enough for some readers (e.g., system administrators).

Every chapter ends with a set of non-trivial problems (the solutions are not part of the book). Some chapters additionally feature an appendix of their own, for example about ZIP's compression algorithm, the Birthday paradox, IPv4 and IPv6, etc. These appendices increase CaNS' usefulness and are thus worth being studied.

Finally, a five-page glossary and a one-page list of acronyms conclude this highly recommendable book.

Acknowledgments

I would like to thank Neso Atanasoski for his comments on this article and Andrew S. Downs for his editing of my Core Java review (May issue). Sorry for the delay, Andrew!

References

  • [Menezes et al. 1997] MENEZES, Alfred J., VAN OORSCHOT Paul C., VANSTONE, Scott A. ñ Handbook of Applied Cryptography, CRC Press, 1997.
  • [Schneier 1996] SCHNEIER, Bruce. ñ Applied Cryptography, Wiley, 2nd ed. 1996.
  • [Shannon 1948] SHANNON, Claude E. ñ A Mathematical Theory of Communication, pp. 379-423 (623-656) in: The Bell System Technical Journal, volume 27, July (October) 1948.
  • [Stallings 1999] STALLINGS, William. ñ Cryptography and Network Security: Principles and Practice, Prentice Hall, 2nd ed. 1999.

Paul is an EE student at the Swiss Federal Institute of Technology Zurich (ETHZ) where he might spend another three years if he accepts the Ph.D. position offered to him. But as he feels like living in the US for some time, he's wondering whether he should rather join a R&D department in Silicon Hills or Silicon Valley. While he's thinking about this, visit his homepage at http://www.stud.ee.ethz.ch/~psevinc/.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Hopper Disassembler 4.2.6- - Binary disa...
Hopper Disassembler is a binary disassembler, decompiler, and debugger for 32- and 64-bit executables. It will let you disassemble any binary you want, and provide you all the information about its... Read more
iExplorer 4.1.2.0 - View and transfer fi...
iExplorer is an iPhone browser for Mac lets you view the files on your iOS device. By using a drag and drop interface, you can quickly copy files and folders between your Mac and your iPhone or... Read more
TunnelBear 3.0.15 - Subscription-based p...
TunnelBear is a subscription-based virtual private network (VPN) service and companion app, enabling you to browse the internet privately and securely. Features Browse privately - Secure your data... Read more
Carbon Copy Cloner 4.1.16 - Easy-to-use...
Carbon Copy Cloner backups are better than ordinary backups. Suppose the unthinkable happens while you're under deadline to finish a project: your Mac is unresponsive and all you hear is an ominous,... Read more
Day One 2.3 - Maintain a daily journal.
Day One is the easiest and best-looking way to use a journal / diary / text-logging application for the Mac. Day One is well designed and extremely focused to encourage you to write more through... Read more
Sketch 45 - Design app for UX/UI for iOS...
Sketch is an innovative and fresh look at vector drawing. Its intentionally minimalist design is based upon a drawing space of unlimited size and layers, free of palettes, panels, menus, windows, and... Read more
NeoFinder 7.1 - Catalog your external me...
NeoFinder (formerly CDFinder) rapidly organizes your data, either on external or internal disks, or any other volumes. It catalogs all your data, so you stay in control of your data archive or disk... Read more
Day One 2.3 - Maintain a daily journal.
Day One is the easiest and best-looking way to use a journal / diary / text-logging application for the Mac. Day One is well designed and extremely focused to encourage you to write more through... Read more
Carbon Copy Cloner 4.1.16 - Easy-to-use...
Carbon Copy Cloner backups are better than ordinary backups. Suppose the unthinkable happens while you're under deadline to finish a project: your Mac is unresponsive and all you hear is an ominous,... Read more
Sketch 45 - Design app for UX/UI for iOS...
Sketch is an innovative and fresh look at vector drawing. Its intentionally minimalist design is based upon a drawing space of unlimited size and layers, free of palettes, panels, menus, windows, and... Read more

Latest Forum Discussions

See All

Kalimba™ (Games)
Kalimba™ 1.0 Device: iOS Universal Category: Games Price: $3.99, Version: 1.0 (iTunes) Description: ** BAFTA-nominated ‘Best New Property’ 2015 ** Jump, slide and fly your way through a beautiful, mind-bending world in this award-... | Read more »
All That Remains: Part 1 (Games)
All That Remains: Part 1 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: “Duncan Price is paranoid” they used to say. He’s just a “local nut” they said. They used to say a lot of things about... | Read more »
Super Samurai Rampage (Games)
Super Samurai Rampage 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Super Samurai Rampage is a bloody, retro pixel style high score chaser. You play as a legendary Samurai warrior provoked... | Read more »
You can now travel to Skyrim in The Elde...
The Elder Scrolls: Legends' new expansion has opened up Skyrim's craggy mountains and snowy plains for exploration today. Heroes of Skyrim is out now, adding a bunch of new Skyrim content to Bethesda's recent CCG. [Read more] | Read more »
High-stakes solitaire game 'Missile...
Missile Command and Solitaire might seem like an odd couple, but indie developer Nathan Meunier has brought them together to create his first game, Missile Cards, which launched on the App Store today. [Read more] | Read more »
Eos 2 (Music)
Eos 2 2.0.2 Device: iOS Universal Category: Music Price: $5.99, Version: 2.0.2 (iTunes) Description: | Read more »
Supercell celebrates Hay Day's comm...
Before there was Clash Royale or Clash of Clans, there was Hay Day. Now, Supercell's first game is celebrating its fifth anniversary, and the developer is commemorating the event with this touching new video. Supercell picked one long-running Hay... | Read more »
Dive into epic summer adventure with Oce...
Summer may be the best time to enjoy ocean adventures, and now you don’t even have to leave the comfort of your own home, thanks to the folks at Joycity, creators of Oceans & Empires. The old-timey naval MMO is getting a sizable new June Grand... | Read more »
Missile Cards (Games)
Missile Cards 1.0.9 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0.9 (iTunes) Description: "Missile Command meets Solitaire...only with more doomlasers, death, and explosions." | Read more »
Collect mini assassins in 'Assassin...
Assassin's Creed is traveling back in time to the Spanish Inquisition for its latest mobile entry, Assassin's Creed Rebellion. The game is giving the series a look that's a huge departure from its past design, recreating classic characters in a... | Read more »

Price Scanner via MacPrices.net

Will iPad Running iOS 11 Be The ‘Ute’ Of The...
Steve Jobs’ analogy comparing iPads and PCs to cars and trucks respectively is seven years old but still stimulates discussion and debate. Appearing on an All Things D panel in 2010 shortly after the... Read more
Free CarePassport App gives Patients control...
Boston based CarePassport is on a mission to enable patients to take control of their medical records by allowing patients to aggregate, store, share and manage all their medical data including... Read more
Western Digital Launches New My Passport Ultr...
Western Digital Corporation has expanded its WD brand My Passport portable drive line with the redesigned My Passport Ultra drive. In addition to a new metallic look, the drive offers intuitive WD... Read more
Clearance 2016 13-inch MacBook Pros available...
B&H Photo has clearance 2016 13″ MacBook Pros in stock today for up to $210 off original MSRP. Shipping is free, and B&H charges NY & NJ sales tax only: - 13″ 2.9GHz/512GB Touch Bar... Read more
Apple Releases iOS 11 Public Beta; How To Get...
The official release of Apple’s latest mobile operating system iOS 11 is vaguely slated for the fall, but as of June 26, ordinary users can download an iOS 11 public beta. To download the iOS 11... Read more
Extend Life of MacBook Pro Retina 2.0TB With...
MacSales.com/Other World Computing has announced availability of the new OWC 2.0TB Aura Pro Solid State Drive for mid-2012 to early 2013 Apple MacBook Pro with Retina display. One of the fastest... Read more
BBEdit SummerFest 2017 Discount Ends Friday,...
You can get 20% off BBEdit for a limited time in Bare Bones Software’s http://www.eastgate.com/Tinderbox/Specials/SummerFest.html?mc_cid=f2101ca260&mc_eid=[UNIQID]SummerFest 2017 sale and... Read more
Use Apple’s Education discount to save up to...
Purchase a new Mac using Apple’s Education discount, and take up to $300 off MSRP. All teachers, students, and staff of any educational institution qualify for the discount. Shipping is free: - 15″ 2... Read more
Clearance 27-inch 3.3GHz 5K iMac available fo...
Amazon clearance 27″ 3.3GHz 5K iMacs (MK482LL/A) available for $1799.90 including free shipping. Their price is $500 off original MSRP, and it’s the lowest price available for this model from any... Read more
13-inch 1.8GHz/256GB MacBook Air on sale for...
B&H Photo has the updated 2017 13″ 1.8GHz/256GB MacBook Air (MQD42LL/A) in stock and on sale for $1129 including free shipping plus NY & NJ tax only. Their price is $70 off MSRP. Read more

Jobs Board

*Apple* Online Store WW Customer Insights -...
…with data mining tools: R, SAS, etc.Experience with common shell scripting tools: unix, python, apple script, Swift etc. Apple Online is one of the largest and Read more
Engineering Project Manager, *Apple* Online...
…the electronic commerce (eCommerce) systems and solutions that enable and support the Apple Online Store (AOS) - one of world's largest online retail businesses, Read more
*Apple* News Product Marketing Mgr., Publish...
…organizational consensus on strategy and vision for publisher tools, authoring, and Apple News Format.Carries this strategy and vision across the organization to Read more
*Apple* Retail - Multiple Positions - Apple,...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
Security Data Analyst - *Apple* Information...
…data sources need to be collected to allow Information Security to better protect Apple employees and customers from a wide range of threats.Act as the subject matter Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.