New Page 1

____________________________________________________________________
Reviews of two good textbooks on networks and security
by Bob Bruen, Cipher Book Review Editor
____________________________________________________________________
Stallings, William.
Network and Internetwork Security: Principles and Practice.
Prentice-Hall & IEEE Press. 1995. 462 pages.
Glossary, bibliography (183 entries), index, chapter appendices,
standards citation list.
LoC TK5105.5.S728. ISBN 0-02-415483-0. IEEE ISBN:-0-7803-1107-8. $58.
----------------
William Stallings has had numerous books published over the years. This
recent addition to the network security field is a textbook covering
some of the required basics. It has two major divisions, principles and
practice. Principles are encryption, public keys, authentication and
a chapter on intruders, viruses and worms. Practice covers crypto
algorithms, authentication, email and SNMP. There is also an excellent
overview of network security preceeding the two main divisions and he
has provided a large number of illustrations, graphs, diagrams and even
the list passwords used by the infamous Morris worm of 1988.

Since this is a textbook, there are problem sets at the end of each
chapter. He also does something I appreciate in a book, he puts
recommended reading at the end of each chapter so that you have a subject
bibliography, but he also includes all the reading in one large
bibliography at the end of the book. Most author choose only one approach
which limits its usefulness.

Each chapter has several appendices that either provide the related math
or an in depth discussion of particular topics that are helpful, but not
necessary for understanding the chapter. For example, the chapter on
public-key cryptography has an appendix to introduce number theory and
one that covers the complexity of algorithms. The chapter itself covered
the definition of PKs, RSA and key management. The chapter on conventional
encryption has a five page, detailed explanation of the birthday attack
as its appendix.

His chapter on email security only includes PGP and PEM descriptions,
but they are good introductions. The chapter on authentication includes
a brief, but clear, twenty pages on Kerberos. The same chapter explains
the Diffie-Hellman key exchange in a way that symbolizes his style
throughout the book. He does not use Alice and Bob, but instead focuses
on the algorithm, so you see more of "a mod p" in his text. While this
is not a criticism of his style, it is an observation that differentiates
his book from some other books.

The LUC public-key algorithm, along with its basis, large integers
in a Lucas sequence, has almost ten pages devoted to it. Schneier(1996)
gives only one page to it saying it is not more secure than RSA and he
does not trust it. LUC seems to be less commonly discussed than other
algorithms which makes this a useful introduction.
Another helpful contribution of Stalling is that SNMP gets a whole chapter
at the end of the book, helping to round out the topic of network
security.

This book is useful for academic courses and for anyone looking for a
good introduction to network security.

Kaufman, Charlie, Radia Perlman and Mike Speciner
Network Security: Private Communication in a PUBLIC World
Prentice-Hall PTR. 1995. 504 pages.
Bibliography (143 entries), glossary, index.
ISBN 0-13-061466-1. $48.
------------------------
Network Security is another textbook for the security aware individual.
It is divided into four main topics, Cryptography, Authentication,
Electronic Mail and Leftovers. While covering the topics properly, it
aims to educate the reader more about how the communications work with
the math included when necessary instead of by default. The discussions
of procedures with the math are included in the text and not as
appendices. The Leftovers are interesting tidbits such as Lotus Notes,
Microsoft, DCE and Clipper. This book brings out issues in addition
to explanations, for example, the question of whether to publish
cryptographic algorithms so that even the bad guys can see them, and
the controversy over how many bits of key should be allowed for export.

The introductory chapter presents network basics, firewalls, key escrow
and the military model of security. The section on cryptography goes
into the basic definitions, secret key cryptography, hashing and message
digests, public keys and number theory. There are homework problems at
the end of each chapter. Since so many subtopics are covered, some of
them are covered rather quickly.

The section on authentication covers authentication of systems and
people, handshake pitfalls and Kerberos. The Kerberos chapters are
slightly longer than might be expected in a survey work like this,
compared to other topics, but the detail is certainly welcome. Both
Kerberos4 and Kerberos5 are included.

Electronic mail is the last major section with chapters on email
security, PEM, PGP, and X.400. These are good introductions if you
did not know what any of these are or you wanted to see some of the
underlying message and object formats. These are mainly definitions of
the structures and ideas, but not a user's view of how to make them work.

This book, too, is useful for academic courses and for anyone looking
for a good introduction to network security.

Comparison
----------
Comparing Stallings and Kaufman first demands a disclaimer.
The books are more complementary than competitive, in spite
of the fact they both cover the same general area. Each has a
different approach, each gives different weights to the same topics
and each includes topics the other does not.

Some of the more notable comparisons, for example, the Stallings book
is about 10% shorter than the Kaufman book and seems to have more
illustrations. Stallings has more items in the bibliography (183 vs. 143),
and surprisingly, the overlap is not very large between the two.
The Kaufman glossary has over 200 items with acronyms within it, while
Stallings has over 50 items plus about 30 acronyms in a separate list.
The overlap is again a smaller set than expected. The biggest difference
is in the amount of attention Kerberos receives, four times greater in
Kaufman.

Stallings is geared towards algorithm description, hence more math,
and Kaufman uses the Alice&Bob approach to explain topics.
Kaufman has afforded space to issues such as key escrow and other
legal problems. Kaufman covers MD with more history than Stallings
which only covers MD4 and MD5. Kaufman does not cover differential
and linear cryptanalysis which Stallings includes in the DES section,
but Kaufman covers IDEA with DES, Stallings does not.

Stallings covers LUC, Kaufman does not, but Kaufman covers El Gamal,
and Stallings does not. Diffie-Hellman is more treated more in depth in
Stallings. Kerberos, PGP and PEM get whole chapters in Kaufman, but
Stallings has only sections. However, PGP in Kaufman has only two thirds
the number of pages that Stallings has. PEM gets over forty pages in
Kaufman, Stallings only gives it twenty. Kaufman also has a three page
comparison of PEM, PGP and X.400.

Both cover number theory, Euclid and Euler and give good surveys of
cryptography. Stallings devotes more attention to primes than Kaufman,
and is a little more readable, but he does not cover the Chinese
Remainder Theorem as does Kaufman. Kaufman includes the number theory
discussion in the text of the chapter instead of in an appendix as
does Stallings. Finding big primes is given some more attention in
the discussion of RSA in Kaufman.

Except where a topic is given only brief attention, for example, the
birthday attack in Kaufman is only a side bar, whereas Stallings gives
it five pages, the explanations are pretty much equally good. Individual
preference would probably determine which approach is more easily read
and understood, but neither book should be criticized for technical
reasons. Both should be considered for additions to your bookshelf.
______________________________________________________________________