____________________________________________________________________

Reviews of two good textbooks on networks and security

by Bob Bruen, Cipher Book Review Editor

____________________________________________________________________

Stallings, William.
Network and Internetwork Security: Principles and Practice.
Prentice-Hall & IEEE Press. 1995. 462 pages.
Glossary, bibliography (183 entries), index, chapter appendices, standards citation list.
LoC TK5105.5.S728. ISBN 0-02-415483-0. IEEE ISBN 0-7803-1107-8. $58.

----------------

William Stallings has had numerous books published over the years. This recent addition to the network security field is a textbook covering some of the required basics. It has two major divisions, principles and practice. Principles are encryption, public keys, authentication and a chapter on intruders, viruses and worms. Practice covers crypto algorithms, authentication, email and SNMP. There is also an excellent overview of network security preceding the two main divisions, and he has provided a large number of illustrations, graphs, diagrams and even the list of passwords used by the infamous Morris worm of 1988.

Since this is a textbook, there are problem sets at the end of each chapter. He also does something I appreciate in a book: he puts recommended reading at the end of each chapter so that you have a subject bibliography, but he also includes all the reading in one large bibliography at the end of the book. Most authors choose only one approach, which limits its usefulness.

Each chapter has several appendices that either provide the related math or an in-depth discussion of particular topics that are helpful, but not necessary, for understanding the chapter. For example, the chapter on public-key cryptography has an appendix to introduce number theory and one that covers the complexity of algorithms. The chapter itself covers the definition of public keys, RSA and key management. The chapter on conventional encryption has a five-page, detailed explanation of the birthday attack as its appendix.

His chapter on email security only includes PGP and PEM descriptions, but they are good introductions. The chapter on authentication includes a brief, but clear, twenty pages on Kerberos. The same chapter explains the Diffie-Hellman key exchange in a way that is characteristic of his style throughout the book. He does not use Alice and Bob, but instead focuses on the algorithm, so you see more of "a mod p" in his text. While this is not a criticism of his style, it is an observation that differentiates his book from some other books.

The LUC public-key algorithm, along with its basis, large integers in a Lucas sequence, has almost ten pages devoted to it. Schneier (1996) gives only one page to it, saying it is not more secure than RSA and that he does not trust it. LUC seems to be less commonly discussed than other algorithms, which makes this a useful introduction.

Another helpful contribution of Stallings is that SNMP gets a whole chapter at the end of the book, helping to round out the topic of network security.

This book is useful for academic courses and for anyone looking for a good introduction to network security.

Kaufman, Charlie, Radia Perlman and Mike Speciner.
Network Security: Private Communication in a PUBLIC World.
Prentice-Hall PTR. 1995. 504 pages.
Bibliography (143 entries), glossary, index.
ISBN 0-13-061466-1. $48.

------------------------

Network Security is another textbook for the security-aware individual. It is divided into four main topics: Cryptography, Authentication, Electronic Mail and Leftovers. While covering the topics properly, it aims to educate the reader more about how the communications work, with the math included when necessary instead of by default. The discussions of procedures with the math are included in the text and not as appendices. The Leftovers are interesting tidbits such as Lotus Notes, Microsoft, DCE and Clipper. This book brings out issues in addition to explanations, for example, the question of whether to publish cryptographic algorithms so that even the bad guys can see them, and the controversy over how many bits of key should be allowed for export.

The introductory chapter presents network basics, firewalls, key escrow and the military model of security. The section on cryptography goes into the basic definitions, secret key cryptography, hashing and message digests, public keys and number theory. There are homework problems at the end of each chapter. Since so many subtopics are covered, some of them are covered rather quickly.

The section on authentication covers authentication of systems and people, handshake pitfalls and Kerberos. The Kerberos chapters are slightly longer than might be expected in a survey work like this, compared to other topics, but the detail is certainly welcome. Both Kerberos 4 and Kerberos 5 are included.

Electronic mail is the last major section, with chapters on email security, PEM, PGP, and X.400. These are good introductions if you did not know what any of these are or if you wanted to see some of the underlying message and object formats. These are mainly definitions of the structures and ideas, but not a user's view of how to make them work.

This book, too, is useful for academic courses and for anyone looking for a good introduction to network security.

Comparison
----------

Comparing Stallings and Kaufman first demands a disclaimer. The books are more complementary than competitive, in spite of the fact that they both cover the same general area. Each has a different approach, each gives different weights to the same topics and each includes topics the other does not.

Some of the more notable comparisons: the Stallings book is about 10% shorter than the Kaufman book and seems to have more illustrations. Stallings has more items in the bibliography (183 vs. 143), and, surprisingly, the overlap between the two is not very large. The Kaufman glossary has over 200 items with acronyms within it, while Stallings has over 50 items plus about 30 acronyms in a separate list. The overlap is again a smaller set than expected. The biggest difference is in the amount of attention Kerberos receives, four times greater in Kaufman.

Stallings is geared towards algorithm description, hence more math, and Kaufman uses the Alice & Bob approach to explain topics. Kaufman has afforded space to issues such as key escrow and other legal problems. Kaufman covers MD with more history than Stallings, which only covers MD4 and MD5. Kaufman does not cover differential and linear cryptanalysis, which Stallings includes in the DES section, but Kaufman covers IDEA along with DES, which Stallings does not.

Stallings covers LUC, Kaufman does not, but Kaufman covers El Gamal, and Stallings does not. Diffie-Hellman is treated in more depth in Stallings. Kerberos, PGP and PEM get whole chapters in Kaufman, but Stallings has only sections. However, PGP in Kaufman has only two thirds the number of pages that Stallings has. PEM gets over forty pages in Kaufman; Stallings only gives it twenty. Kaufman also has a three-page comparison of PEM, PGP and X.400.

Both cover number theory, Euclid and Euler, and give good surveys of cryptography. Stallings devotes more attention to primes than Kaufman, and is a little more readable, but he does not cover the Chinese Remainder Theorem as Kaufman does. Kaufman includes the number theory discussion in the text of the chapter instead of in an appendix as Stallings does. Finding big primes is given some more attention in the discussion of RSA in Kaufman.

Except where a topic is given only brief attention (for example, the birthday attack in Kaufman is only a sidebar, whereas Stallings gives it five pages), the explanations are pretty much equally good. Individual preference would probably determine which approach is more easily read and understood, but neither book should be criticized for technical reasons. Both should be considered for additions to your bookshelf.

______________________________________________________________________