Cryptography and Network Security: Principles and Practice, 2nd ed. 20
| Cryptography and Network Security: Principles and Practice, 2nd | |
| author | William Stallings |
| pages | 569 |
| publisher | Prentice Hall, 1999 |
| rating | 8/10 |
| reviewer | randombit |
| ISBN | 0-13-869017-0 |
| summary | Cryptography and Network Security examines the practical applications of cryptography in today's networked systems |
The Scenario
So, after reading Applied Cryptography and the Handbook of Applied Cryptography, you want to see some real systems at work. Enough with this academic stuff, you say. Cryptography and Network Security may be just the book for you. It covers Kerberos, X.509, PGP, S/MIME, IPSec, SSL/TLS, and SET, in much greater detail than you will find in books such as Applied Cryptography. This is a book for "real world" crypto. Even if this would be your first book on cryptography, Stallings provides most of the background you need to understand what's going on.
What's Bad?
There are a few rather annoying omissions in the book's coverage, including no mention of Optimal Asymmetric Encryption Padding (OAEP), which is used in many of the most important new cryptography standards, and only passing references to IEEE P1363, a very important proposed standard which has already produced copious industry and academic support.
Part 4 was less interesting, and also did not seem to delve as deeply into its topics as earlier chapters did.
What's Good?
Almost everything. Stallings' writing style makes for reasonably easy reading, though those without a good background in math and programming may have problems in the denser areas.
While the focus is on practical applications, the author gives you all the information you need. Instead of covering a large number of algorithms (most of which are never used in real applications) in a very brief manner like Applied Cryptography, Stallings examines in detail a small number of popular and commonly used algorithms, including IDEA, RC5, CAST-128, and Blowfish, and devotes a full chapter for DES. Public-key encryption is not ignored either, with coverage of RSA, Diffie-Hellman, DSA, and Elliptic Curve Cryptography.
But the really good stuff is in the second half of the book. Want a clear and thorough description of the IPSec protocols? Flip to chapter 13 and read away! Not to leave you hanging if you haven't been keeping up with the latest RFCs (for shame!), he also describes both the IPv4 and IPv6 packet formats. Similarly, in the section on S/MIME, before jumping straight into the cryptographic aspects, he helpfully first describes what MIME does, why it was invented, and how it works.
Handily enough, the book also makes a good introductory textbook. The explanations are clear, and little background is assumed. Also, there are problems at the end of each chapter which cover practical applications of and attacks on cryptographic systems.
So What's In It For Me?
If you want a good introduction to practical cryptography, get this book. It supplements the more theoretical focus of other popular books in the area, while still being fairly complete.
Purchase this book at ThinkGeek.
Table of Contents
Chapter 1: Introduction- Attacks, Services, and Mechanisms
- Security Attacks
- Security Services
- A Model for Internetwork Security
- Outline of this Book
- Recommended Reading
Chapter 2: Classical Techniques
- Conventional Encryption Model
- Steganography
- Classical Encryption Techniques
- Simplified DES
- Block Cipher Principles
- The Data Encryption Standard
- The Strength of DES
- Differential and Linear Cryptanalysis
- Block Cipher Design Principles
- Block Cipher Modes of Operation
- Appendix: Bent Functions
- Triple DES
- IDEA
- Blowfish
- RC5
- CAST-128
- RC2
- Characteristics of Advanced Symmetric Block Ciphers
- Placement of Encryption Function
- Traffic Confidentiality
- Key Distribution
- Random Number Generation
Chapter 6: Public-Key Cryptography
- Principles of Public-Key Cryptosystems
- The RSA Algorithm
- Key Management
- Diffie-Hellman Key Exchange
- Elliptic Curve Cryptography
- Prime and Relatively Prime Numbers
- Modular Arithmetic
- Fermat's and Euler's Theorems
- Testing for Primality
- Euclid's Algorithm
- The Chinese Remainder Theorem
- Discrete Logarithms
- Authentication Requirements
- Authentication Functions
- Message Authentication Functions
- Hash Functions
- Security of Hash Functions and MACs
- Appendix: Mathematical Basis of the Birthday Attack
- MD5
- SHA-1
- RIPEMD-160
- HMAC
- Digital Signatures
- Authentication Protocols
- Digital Signature Standard
- Appendix: Proof of the DSS Algorithm
Chapter 11: Authentication Applications
- Kerberos
- X.509 Directory Authentication Service
- Appendix: Kerberos Encryption Techniques
- Pretty Good Privacy
- S/MIME
- Appendix: Data Compression Using ZIP
- Appendix: Radix-64 Conversion
- Appendix: PGP Random Number Generation
- IP Security Overview
- IP Security Architecture
- Authentication Header
- Encapsulating Security Payload
- Combining Security Associations
- Key Management
- Appendix: Internetworking and Internet Protocols
- Web Security Requirements
- Secure Sockets Layer and Transport Layer Security
- Secure Electronic Transaction
Chapter 15: Intruders, Viruses, and Worms
- Intruders
- Viruses and Related Threats
- Firewall Design Principles
- Trusted Systems
- Research Projects
- Programming Projects
- Reading/Report Assignments
I read the book (Score:1)
another occasional source for the book (Score:1)
dennis
Re:AARGH! ENOUGH! (Score:1)
As far as reviews are concerned, they might have journalistic integrity. Story selection might a different issue altogether.
I have no idea how many reviews they get sent, so it's hard to estimate what it they get bad reviews. It is rather disappointing, though, to see a trend developing lately:
I'm not claiming that there is a conspiracy at work here, but since ThinkGeek is also an Andover.net company, it is sad to see the Slashdot book review section become ThinkGeek book reviews.
A good price for this book can be found... (Score:1)
www.booksnow.com
$58.80!
Book is OK, but it glosses over small details (Score:1)
Re:OAEP omission (Score:1)
My purpose was a good gentle introduction to crypto and security issues, and it was mostly ok for that. Personally, I would have like some other security issues discussed such as protocol failures in basic TCP/IP (SYN flooding and consequences, like how you can spoof IP addresses between mutually trusting systems, etc.), but it seems like if it didn't involve crypto it wasn't in the book (there's a lot to network security beyond crypto, after all).
I also would have liked some system security issues discussed at least a little bit -- basics of Bell-Lapuda or BAN logic, or something like that. But again that wasn't really the author's goal here -- so I can just supplement with outside material.
The omission of OAEP is a little more troublesome. He does talk about HMAC, but glosses over the idea of using crypto primitives to make higher-level functionality, and the proofs associated with it. With the direction of crypto research these days, I would hope that maybe in the 3rd edition he'd devote a chapter to such issues.
Anyway, my bottom line is that it served my purpose as a textbook very well, and I simply supplemented with outside material when necessary. For the purpose of a textbook, frankly I think Schneier's book would be terrible -- very little substance on the "whys" and the "hows", and too much on the cookbook approach. That's certainly not what I want to teach -- I want to teach the thinking behind the ideas, not recipes. I'm not sure if I'd use Stallings' book for a grad course because even it doesn't go too much into the whys and the current research topics. Or perhaps I'd just supplement with more research papers and outside material...
Re:A note on price (Score:1)
It appears that by brevity may well be the soul of wit, it doesn't make for a good price comparison. Your point is the reason I did what I did. While ThinkGeek's discount was not great, I was pointing out that the other's either weren't discounted, or in one case had a trivial discount.
It does have a snazzy looking cover... (Score:1)
Re:the effects of CARTOONS sounds more interesting (Score:1)
I INSIST that you shoot me now! (nyaaah!)
Re:A note on price (Score:1)
If you do want to save money, try bestbookbuys [bestbookbuys.com]. You can price shop for any book. I suggest we leave price comparisons to these guys and keep the discussions to the books in question.
Disclaimer: Pinball Wizard is not affiliated with slashdot in any way and does not speak for them.
the effects of CARTOONS sounds more interesting (Score:1)
Daffy Duck from the 30s to the late 40s was the best.
THE BEST DAMNIT!!!!!
Re:We need more encryption (Score:1)
Why don't you two write it? (Score:2)
RJH, since you'e an INFOSEC professional, you have field experience in implementing these protocols and desinging systems for security. You must have tales to tell about design and implementation decisions that were made, which ones failed and which ones haven't failed, yet.
I say you two ought to get together and write this book that you're wishing was written. After all, "scratching your own itch" is the Free Software way.
Schneier's protocol credentials (Score:2)
If you scoff when you hear Schneier called a "security expert", then you don't understand what his credentials are. Is he God? No. In fact, Schneier's been flat-out wrong before (anybody here remember MacGuffin, and his latest campaign against elliptical curve cryptography?).
But to say that Schneier is a crypto expert and not a protocol expert flies in the face of Schneier's body of published work.
How many protocols and ciphers have -you- broken?
A note on price (Score:2)
Re:Only covers half the subject (Score:3)
What also might be good is to include protocols which, while working today, are not scalable to future systems. Right now I'm employed by a company working in the electronic publishing market, and it's surprising how many otherwise-good ideas are completely impracticable. (The good news is, the worst offenders are all proprietary. The open systems have fared the best.)
Last year during CRYPTO99, some IBM researchers released a paper which was lauded as having provable security. Caused a minor media uproar, up until it was broken. Turns out that if you can create an environment where just one of the assumptions behind the protocol is no longer valid, the entire protocol fell apart. I can't think of the name of it for the life of me, though. It didn't exactly impress me as being the Holy Grail, and I wasn't exactly surprised when it was broken.
Another good example is Microsoft's Virtual Private Networking. Version 1.0 was horribly broken; version 2.0 was a considerable improvement, but since it was (is) downwardly-compatible with 1.0, it's also bug-compatible with 1.0.
Then there's Netscape's SSL difficulties from version 3 (?). Although the SSL protocol was implemented correctly, Netscape's random number generator was deterministic.
Then there was the telco which was using the standard C rand() function to create random session keys (company name withheld, but yes, it's a big one).
A major credit-card company (you probably have one of their cards in your wallet) depends on nobody being able to break repeated-XOR encryption and having enough knowledge of IBM's SNA in order to eavesdrop on their network.
... I don't know as much about academic protocols being broken through the standard literature as I do about brain-damaged implementations of protocols. I'm a practical cryptographer, not a theoretical one. But good God, if you were to make a top ten list of the stupidest protocols (and implementations thereof), you'd spend years just trying to whittle the list of thousands of candidates down to the ten worst.
I don't know. I'd have to think about it for a while to come up with my own list of candidates for the Provably Stupid award. Ask me again tomorrow and I might have a better idea.
Re:Only covers half the subject (Score:3)
failed protocols. I think protocol design one of the areas which is needed most and understood least in cryptography. We're a long way from Bellare's "a cryptographer is a machine which turns primitives into protocols"...
Can we start compiling some examples of protocols, exercises, and material
which would go into such a book?
Avi Rubin and Matt Franklin had a course on "Protocol Design" at NYU
http://cs.nyu.edu/cs/dept_info/course_home_page
which has an list of references and some problem sets. In particular, there's a reference to
some papers like
J. Moore, "Protocol Failures in Cryptosystems," Proceedings of the
IEEE, 5(76), 1988, 594-602.
and
P. Syverson, "Limitations on Design Principles for Public Key
Protocols," IEEE Symposium on Security and Privacy, Oakland, CA, 1996, 62-72.
which look very interesting.
The differences between SSL 1.0, 2.0 and 3.0
should be in such a book as well. Especially the
attacks in which an adversary can force use of a weaker cipher.
You'd probably also want a discussion of "security proofs" and "definitions of security."
In particular, pointing out limitations in such things as BAN logic. I don't know much about specific failures here; anyone have an example?
A while back I asked on sci.crypt about "provably stupid protocols" -- protocols where the proofs were _correct_, but according to misguided definitions. Looking that up in Deja would produce some possible examples (though maybe not protocols in the sense you may be using).
What else?
Cryptography Books (Score:4)
Just my $.02
Only covers half the subject (Score:5)
First, I've got to say that I'm glad that someone has come out with a companion to Applied Cryptography; where Applied Cryptography talks about ciphers in some detail, it's woefully light on protocols--and most of the interesting security attacks out there are protocol attacks, not cipher attacks. If the review posted is accurate, then we can use it as an adjunct to Menezes and Schneier, not as a replacement. This is a Good Thing(tm).
Second, for all that I'm looking forward to buying this book, I think that it ignores a very rich and informative part of the subject. Why not take a book of the same size and cover failed protocols, and explain where the protocols failed and why? I like to joke that there are only three or four different protocol attacks; software authors just insist on renaming them for every new system. An awful lot of good could be done by educating software engineers about what has failed, in the hopes that people will learn and not make those same mistakes again.
I'm grateful to Bruce Schneier and Alfred Menezes for their introductory works in crypto (and compared to graduate-level mathematics, Schneier's and Menezes' books are introductory), but I sometimes fear that they lull software engineers into a false sense of security; people think that "well, since Schneier says 3DES is secure, I can just use that and be safe". It's very tempting to do that, but security is not something which can be added into a piece of software like you can add salt to a recipe. It is a mistake to take a cookbook approach to security, which is the unintended consequence of books such as these.
What I'd really love to see is a book which shows failed protocols, and the dangers of cookbook security.
Having a cookbook available doesn't guarantee that what you cook will be edible.
OAEP omission (Score:5)
It's a shame, but not too surprising, to hear that the book doesn't
cover OAEP. Especially as Coron, Naccache, Joye, and Pailler have a paper in EUROCRYPT '00 about
"New Attacks on PKCS #1 v1.5 Encryption"
abstract at :
http://www.eleves.ens.fr:8080/home/coron/scienc
I have not read the paper yet, but the abstract is scary.
Some background : the RSA function x^e mod n
should not be used directly for encrypting data.
For one thing, it's deteministic; the same x produces the same x^e always. An adversary can use this to look for common plaintexts (consider what happens if you encipher a message letter-by-letter this way...). For another, there are all kinds of clever attacks which can recover messages which are related, or can break the scheme if you send too many messages, and so on.
Dan Boneh has a cool overview of these attacks and others in his "Twenty Years of Attacks on RSA" paper
http://crypto.stanford.edu/~dabo/abstracts/RSAa
Some kind of padding scheme is necessary. Some padding schemes are better than others. The scheme which pads with random garbage at the end of the message, for instance, is not very good.
The Public Key Crypto Standard (PKCS) #1 specifies the padding scheme used for RSA encryption. Version 1.5 had this scheme which was kind of thought to be sort of OK but nobody knew really. Now we are finding that it wasn't quite
as good as we thought...
Optimal Asymmetric Encryption Padding (OAEP)
is another padding scheme. It is specified in version 2 of PCKS #1 because it seems to resist the attacks which killed version 1.5 . The neat thing about it is that you would expect it to resist these attacks and others because there is a "proof of security" which relates breaking the padding to breaking the RSA problem.
That is, there's a proof which shows that extracting *any* information from the encrypted padded messages is just as hard as breaking the RSA problem on random instances. The scheme may still fail, but only if the RSA problem "underlying it" happens to be easy...like if we chose a too short modulus. We don't have to worry about stupid things like sending the wrong kind of messages any more.
Is it important that OAEP was omitted in a "practical" handbook? In my opinion, yes and no.
There's no need for the proof of security to be included. But the *reason* for the proof, that is, the existence of these really subtle and weird attacks which can leak information when you're not expecting it...that seems quite important in practice. Along with an explanation of how to use schemes like OAEP to cut out as many of these attacks as possible.
It's worth noting, however, that OAEP *is* described in the _Handbook of Applied Cryptography_, which is available for download at
http://cacr.math.uwaterloo.ca/hac/
No proofs here, just a straightforward diagram and "how to implement." For the actual proof, you can check out Bellare and Rogaway's paper at
http://www-cse.ucsd.edu/users/mihir/papers/pke.
OAEP is also specified in the IEEE P1363 standard, which has its website here :
http://www.manta.ieee.org/groups/1363/
the standard covers other algorithms and protocols as well. The website's worth checking out.
While we're at it, does anyone know of a good treatment/introduction to the proofs of security involved in OAEP and similar?