Cryptography and Network Security: Principles and Practice. 2nd edition

reviewed by Bob Bruen

by William Stallings. Prentice Hall. 1999.
569 pages. Appendix, glossary, bibliography, index. $73.00
ISBN 0-13-869017-0 LoC TK5105.59.S713

This textbook is a second edition of Network and Internetwork Security: Principles and Practice (1995), which was reviewed here just about three years ago. This edition is a substantial update of the first edition, with about 100 additional pages. The title change reflects the change in emphasis in the material presented. The bibliography has been increased in size with publications since the first edition and a few references have been removed, for example those related to LUC, which has been dropped as a topic in the book. In my earlier review, I noted the inclusion of LUC as an exception to most books, but also noted that it was a good introduction to it. Also dropped as a topic is SKIPJACK. Neither will be missed.

On the plus side, a welcome addition is the Introduction to Number Theory chapter covering the expected topics on prime numbers, modular arithmetic, tests for primality, etc. with lots of examples. Some comfort with mathematics is assumed, but since the book is aimed at college students it seems to be at the correct level. This chapter plugs a hole in the first edition. The new chapter on firewalls helps to make the book more comprehensive.

Further additions come from changes in the field, such as IPSec and web security, citing the best sources in each. Simplified DES (developed by Professor E. Schaefer), an educational tool for understanding the principles of the DES algorithm, has been included as new introductory material for DES. It has similar properties and structure, but uses fewer bits. The DES presentation is similar to the first edition, but this chapter adds explanations of more algorithms: Blowfish, CAST-128, and RC5.

The first edition had a chapter on SNMP which is not included in this edition, but of course, Stallings has other textbooks just for SNMP which are far more complete.

Other noticeable improvements are the problem sets at the end of the chapters, which have been updated with additional new problems and modifications of older ones. The old blue ink diagrams have been replaced by black ink with improvements for clarity. The mathematical proofs have been made more readable by simple things such as white space and indentation.

I was also happy to see the addition of a section on elliptic curve cryptography, an important but somewhat neglected area. There are some papers and a couple of books on ECC, but it does not get the same level of attention as other areas.

The book was the winner of the 1999 Texty Award for the best Computer Science and Engineering textbook, awarded by the Text and Academic Authors Association, Inc.

This is an excellent textbook, comprehensive with clear explanations and now up to date. I expect that the third edition will include material on the Advanced Encryption Standard that is under review at this time. The competition among the algorithms offers many lessons to us.

I liked the first edition and I like this edition. It is a little pricey, but Cisco was giving away copies for free for the asking. If you missed that offer, then you will have to buy a copy.