TweetFollow Us on Twitter

Oct 99 Bookshelf

Volume Number: 15 (1999)
Issue Number: 10
Column Tag: Programmer's Bookshelf

Review: Cryptography and Network Security

by Paul E. Sevinc, Switzerland

Principles and Practice, 2nd edition

Cryptology is a topic more and more people in the IT business have to be familiar with. If you already know the basics and only need a reference manual so to speak, choosing the right book is easy: [Menezes et al. 1997]. But if you're looking for an introductory text book, you have an ordeal of choice. One book you'll often see recommended is [Schneier 1996]. In this article we're going to take a closer look at another one, namely the 2nd edition of Cryptography and Network Security: Principles and Practice [Stallings 1999].

The Big Picture

Cryptography and Network Security (CaNS for short) has been published by Prentice Hall and was written by William Stallings, an author with quite an impressive publication list (see <http://www.prenhall.com/stallings/>). Besides, famous cryptographers like Xuejia Lai, Ron Rivest, Phil Zimmermann and many others reviewed Stallings' treatment of their special fields. In my opinion, this makes the book very trustworthy.

Between the introduction and the appendix (for teachers), CaNS is organized in four parts: Conventional Encryption, Public-Key Encryption and Hash Functions, Network Security Practice, and System Security. The introduction discusses network security models and computer security threats, thereby motivating the remainder of the text.

From the very beginning, it is obvious that CaNS is not intended to be a popular-science book but rather for (prospective) scientists and engineers.

Conventional Encryption

The first part, chapters 2 to 5, deals with symmetric cryptography, i.e. schemes in which the same key is used for both encryption and decryption. Actually, the main focus is on so-called block ciphers while stream ciphers are hardly an issue. (There are two ways how to use block ciphers as stream ciphers, though, and Stallings explains both when he treats the four block-cipher modes of operation.) The math used in this part ñmodular arithmetic, linear equations, matricesñ should be basic to most programmers.

Chapters 2 & 3 treat the building blocks of both classical and modern symmetric algorithms and show how these are used within DES, the Data Encryption Standard. With the exception of the one-time pad, the classical algorithms are nowadays insecure, but still interesting for more than just historical reasons. Chapter 3 ends with general design principles of and attacks on block ciphers. I find this to be useful to practitioners who have to decide on and implement an algorithm, not to hackers :-)

Unless interested in details of different algorithms currently in use, the reader can safely skip most of chapter 4. Nevertheless, the first section is important because it contains information about the Men-in-the-Middle attack, and the last section is a good summary of the rest of the chapter.

Most of us don't really need to know how exactly encryption works. But if we use it, we better use it right. In chapter 5, Stallings explains where and how symmetric schemes can be used in an internetwork, including the non-trivial task of key distribution. One problem in this context is generating good pseudo-random numbers. Different approaches are mentioned, but only very briefly.

Public-Key Encryption and Hash Functions

The second part, chapters 6 to 10, deals with functions that map variable-length data into a fixed-length value and with asymmetric cryptography, i.e. schemes in which different keys are used for encryption and decryption. This part is more mathematical than the last as public-key cryptosystems are heavily based on number theory, the subject of chapter 7. (Stallings only introduces what is necessary for understanding CaNS. If you're not familiar with number theory, I suggest you read this chapter before the 6th.)

Starting with the principles of public-key cryptography, chapter 6 presents RSA, the Rivest-Shamir-Adleman algorithm, the Diffie-Hellman key-exchange protocol, and key-management issues in general. At the end of this chapter, there's a short section about elliptic-curve cryptography, a hot topic of growing importance, which I highly appreciated.

Similar to chapters 3 & 4, chapter 8 first treats requirements and design principles of, as well as attacks on cryptographic hash functions and message authentication codes (key-dependent hash functions so to speak), and then chapter 9 describes four concrete algorithms in detail: MD5, SHA-1, RIPEMD-160 (that's what I call an acronym!), and HMAC.

Chapter 10 concludes the second part with a discussion of authentication protocols and digital signatures. The former include such based on symmetric cryptography, the latter DSS, the Digital Signature Standard.

Network Security Practice

The chapters in the third part (11-14) can be consulted in any order the reader likes. The prerequisites have been covered in the first two parts. This part is a nice add-on to older, in terms of IT years, computer-network books that don't cover network security (in enough detail). It includes sections on Kerberos, X.509, PGP, S/MIME, IPSec, SSL/TLS, and SET.

Kerberos and X.509 are for authentication purposes. PGP, Pretty Good Privacy, and S/MIME, Secure/Multipurpose Internet Mail Extensions, provide e-mail security. IPSec comprises the security features that have been defined for IPv6, but that can also be used with IPv4. (Those of you familiar with IP, the Internet Protocol, know that we're currently making the [slow] transition from IPv4 to IPv6.) SSL is Netscape's Secure Socket Layer which has become Transport Layer Security, an Internet standard. Finally, SET, Secure Electronic Transaction, is a specification initiated by MasterCard and Visa for credit-card payments over the internet.

By carefully reading several of these case studies, one gets a good idea of the trade-offs (e.g., security vs. complexity) involved in the design of cryptographic protocols. This is supported by Stallings' clear and concise writing and his judicious use of figures and tables.

System Security

The last part, chapters 15 & 16, is very high-level and easy to understand. However, it only provides an overview and can't replace an in-depth (and more technical) treatment of the same topics.

I was blown away by chapter 15. It is about intruders (i.e., hackers and crackers) and malicious programs, especially viruses. The many ñsometimes ingeniousñ ways of attacking a computer system and their countermeasures make for very exciting reading; look forward to a rainy Sunday!

Chapter 16 is a short chapter about the principles and goals underlying firewalls. It ends with a section on so-called trusted systems and how these can be used to defend against trojan horses.

Conclusion

CaNS is a very good introduction to cryptography, enabling you to understand and discuss the security of practical cryptosystems (e.g., the Mac OS keychain). But if you intend to develop or consult on cryptosystems yourself, you need to know more about number and information theory (see the seminal [Shannon 1948]) than is covered by Stallings. The parts about network and system security are good, too, even though they might not be applied enough for some readers (e.g., system administrators).

Every chapter ends with a set of non-trivial problems (the solutions are not part of the book). Some chapters additionally feature an appendix of their own, for example about ZIP's compression algorithm, the Birthday paradox, IPv4 and IPv6, etc. These appendices increase CaNS' usefulness and are thus worth being studied.

Finally, a five-page glossary and a one-page list of acronyms conclude this highly recommendable book.

Acknowledgments

I would like to thank Neso Atanasoski for his comments on this article and Andrew S. Downs for his editing of my Core Java review (May issue). Sorry for the delay, Andrew!

References

  • [Menezes et al. 1997] MENEZES, Alfred J., VAN OORSCHOT Paul C., VANSTONE, Scott A. ñ Handbook of Applied Cryptography, CRC Press, 1997.
  • [Schneier 1996] SCHNEIER, Bruce. ñ Applied Cryptography, Wiley, 2nd ed. 1996.
  • [Shannon 1948] SHANNON, Claude E. ñ A Mathematical Theory of Communication, pp. 379-423 (623-656) in: The Bell System Technical Journal, volume 27, July (October) 1948.
  • [Stallings 1999] STALLINGS, William. ñ Cryptography and Network Security: Principles and Practice, Prentice Hall, 2nd ed. 1999.

Paul is an EE student at the Swiss Federal Institute of Technology Zurich (ETHZ) where he might spend another three years if he accepts the Ph.D. position offered to him. But as he feels like living in the US for some time, he's wondering whether he should rather join a R&D department in Silicon Hills or Silicon Valley. While he's thinking about this, visit his homepage at http://www.stud.ee.ethz.ch/~psevinc/.

 
AAPL
$103.30
Apple Inc.
+0.80
MSFT
$45.09
Microsoft Corpora
-0.34
GOOG
$577.33
Google Inc.
+5.73

MacTech Search:
Community Search:

Software Updates via MacUpdate

TextSoap 7.4.0 - Flexible text editing u...
TextSoap is for people who work with text. TextSoap effortlessly cleans up text from endlessly different formats. Wash away unwanted characters, spaces, tabs. Fix paragraphs with hard returns at the... Read more
NetShade 6.0.2 - Browse privately using...
NetShade is an Internet security tool that conceals your IP address on the web. NetShade routes your Web connection through either a public anonymous proxy server, or one of NetShade's own dedicated... Read more
Mac DVDRipper Pro 5.0 - Copy, backup, an...
Mac DVDRipper Pro is the DVD backup solution that lets you protect your DVDs from scratches, save your batteries by reading your movies from your hard disk, manage your collection with just a few... Read more
pwSafe 3.1 - Secure password management...
pwSafe provides simple and secure password management across devices and computers. pwSafe uses iCloud to keep your password databases backed-up and synced between Macs and iOS devices. It is... Read more
StatsBar 1.8 - Monitor system processes...
StatsBar gives you a comprehensive and detailed analysis of the following areas of your Mac: CPU usage Memory usage Disk usage Network and bandwidth usage Battery power and health (MacBooks only)... Read more
Path Finder 6.5.5 - Powerful, award-winn...
Path Finder is a file browser that combines the familiar Finder interface with the powerful utilities and innovative features. Just a small selection of the Path Finder 6 feature set: Dual pane... Read more
QuarkXPress 10.2.1 - Desktop publishing...
With QuarkXPress, you can communicate in all the ways you need to -- and always look professional -- in print and digital media, all in a single tool. Features include: Easy to Use -- QuarkXPress is... Read more
Skype 6.19.0.450 - Voice-over-internet p...
Skype allows you to talk to friends, family and co-workers across the Internet without the inconvenience of long distance telephone charges. Using peer-to-peer data transmission technology, Skype... Read more
VueScan 9.4.41 - Scanner software with a...
VueScan is a scanning program that works with most high-quality flatbed and film scanners to produce scans that have excellent color fidelity and color balance. VueScan is easy to use, and has... Read more
Cloud 3.0.0 - File sharing from your men...
Cloud is simple file sharing for the Mac. Drag a file from your Mac to the CloudApp icon in the menubar and we take care of the rest. A link to the file will automatically be copied to your clipboard... Read more

Latest Forum Discussions

See All

Modern Combat 5 Gets a Major Multiplayer...
Modern Combat 5 Gets a Major Multiplayer Update Posted by Jessica Fisher on September 2nd, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Alien Creeps TD Review
Alien Creeps TD Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: EXPENSIVE DEFENSESUniversal App - Designed for iPhone and iPad Alien Creeps TD would be a fun if unremarkable Tower Defense game, but its heavy focus on... | Read more »
The Journey Down: Chapter Two Review
The Journey Down: Chapter Two Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: DARK YET ENTICINGUniversal App - Designed for iPhone and iPad It’s a little dark, in every sense of the word, but The Journey Down:... | Read more »
Function Space, a Social Network App for...
Function Space, a Social Network App for Science, Launches on iOS Posted by Ellis Spice on September 2nd, 2014 [ permalink ] | Read more »
Stupidfast – How Taylor Martinez Switche...
How do you make an Endless Running game more than just another Endless Running game? By adding real life prizes to it, of course! That’s the thinking behind StupidFast: a game designed for football enthusiasts, and the brainchild of former college... | Read more »
Little Raiders: Robin’s Revenge Review
Little Raiders: Robin’s Revenge Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: CASUAL RAIDINGUniversal App - Designed for iPhone and iPad Combining simple combat with village building is a potent combination for... | Read more »
Treasure Tombs: Ra Deal Coming from Bulk...
Treasure Tombs: Ra Deal Coming from Bulkypix and Dark Tonic This Fall Posted by Jessica Fisher on September 2nd, 2014 [ permalink ] Dark Tonic and | Read more »
Pirate Bash Review
Pirate Bash Review By Nadia Oxford on September 2nd, 2014 Our Rating: :: BAD PIRATES, GOOD TIMESUniversal App - Designed for iPhone and iPad Pirate Bash’s turn-based battles add an intriguing twist to a typical physics game.   | Read more »
Tiny Tower Vegas Review
Tiny Tower Vegas Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: STEADY DEVELOPMENTUniversal App - Designed for iPhone and iPad Build a huge tower again but Vegas-style in Tiny Tower Vegas.   | Read more »
The Manhattan Project Review
The Manhattan Project Review By Andrew Fisher on September 2nd, 2014 Our Rating: :: ROCKET SCIENCEUniversal App - Designed for iPhone and iPad The Manhattan Project offers a great Euro-style gameplay experience, but it is totally... | Read more »

Price Scanner via MacPrices.net

Apple refurbished iPads available for up to $...
Apple is offering Certified Refurbished iPad Airs for up to $140 off MSRP. Apple’s one-year warranty is included with each model, and shipping is free. Stock tends to come and go with some of these... Read more
Are We Now In The Post-Post-PC Era?
A longtime and thoroughgoing laptop aficionado, I was more than a little dismayed by Steve Jobs’s declaration back in 2010 when he sprang the iPad on an unsuspecting world. that we’d entered a “post-... Read more
PC Outlook Improves, But 2014 Shipments Still...
According to the International Data Corporation (IDC) Worldwide Quarterly PC Tracker, worldwide PC shipments are expected to fall by -3.7 percent in 2014. To hat’s actually an improvement from the... Read more
IDC Lowers Tablet Sales Projections for 2014...
Following a second consecutive quarter of softer than expected demand, International Data Corporation (IDC) has lowered its worldwide tablet plus 2-in-1 forecast for 2014 to 233.1 million units. The... Read more
Apple now offering refurbished 21-inch 1.4GHz...
The Apple Store is now offering Apple Certified Refurbished 21″ 1.4GHz iMacs for $929 including free shipping plus Apple’s standard one-year warranty. Their price is $170 off the cost of new models,... Read more
Save $50 on the 2.5GHz Mac mini, on sale for...
B&H Photo has the 2.5GHz Mac mini on sale for $549.99 including free shipping. That’s $50 off MSRP, and B&H will also include a free copy of Parallels Desktop software. NY sales tax only. Read more
Save up to $300 on an iMac with Apple refurbi...
The Apple Store has Apple Certified Refurbished iMacs available for up to $300 off the cost of new models. Apple’s one-year warranty is standard, and shipping is free. These are the best prices on... Read more
The Rise of Phablets
Carlisle & Gallagher Consulting Group, a businesses and technology consulting firm focused solely on the financial services industry, has released an infographic depicting the convergence of... Read more
Bad Driver Database App Allows Good Drivers t...
Bad Driver Database 1.4 by Facile Group is a new iOS and Android app that lets users instantly input and see how many times a careless, reckless or just plain stupid driver has been added to the... Read more
Eddy – Cloud Music Player for iPhone/iPad Fre...
Ukraine based CapableBits announces the release of Eddy, its tiny, but smart and powerful cloud music player for iPhone and iPad that allows users to stream or download music directly from cloud... Read more

Jobs Board

*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.