Reviews of two good textbooks on networks and security

by Bob Bruen, Cipher Book Review Editor


Stallings, William.
Network and Internetwork Security: Principles and Practice.
Prentice-Hall & IEEE Press. 1995. 462 pages.
Glossary, bibliography (183 entries), index, chapter appendices, standards citation list.
LoC TK5105.5.S728. ISBN 0-02-415483-0. IEEE ISBN:-0-7803-1107-8. $58.

William Stallings has had numerous books published over the years. This recent addition to the network security field is a textbook covering some of the required basics. It has two major divisions, principles and practice. Principles are encryption, public keys, authentication and a chapter on intruders, viruses and worms. Practice covers crypto algorithms, authentication, email and SNMP. There is also an excellent overview of network security preceeding the two main divisions and he has provided a large number of illustrations, graphs, diagrams and even the list passwords used by the infamous Morris worm of 1988.

Since this is a textbook, there are problem sets at the end of each chapter. He also does something I appreciate in a book, he puts recommended reading at the end of each chapter so that you have a subject bibliography, but he also includes all the reading in one large bibliography at the end of the book. Most author choose only one approach which limits its usefulness.

Each chapter has several appendices that either provide the related math or an in depth discussion of particular topics that are helpful, but not necessary for understanding the chapter. For example, the chapter on public-key cryptography has an appendix to introduce number theory and one that covers the complexity of algorithms. The chapter itself covered the definition of PKs, RSA and key management. The chapter on conventional encryption has a five page, detailed explanation of the birthday attack as its appendix.

His chapter on email security only includes PGP and PEM descriptions, but they are good introductions. The chapter on authentication includes a brief, but clear, twenty pages on Kerberos. The same chapter explains the Diffie-Hellman key exchange in a way that symbolizes his style throughout the book. He does not use Alice and Bob, but instead focuses on the algorithm, so you see more of "a mod p" in his text. While this is not a criticism of his style, it is an observation that differentiates his book from some other books.

The LUC public-key algorithm, along with its basis, large integers in a Lucas sequence, has almost ten pages devoted to it. Schneier(1996) gives only one page to it saying it is not more secure than RSA and he does not trust it. LUC seems to be less commonly discussed than other algorithms which makes this a useful introduction. Another helpful contribution of Stalling is that SNMP gets a whole chapter at the end of the book, helping to round out the topic of network security.

This book is useful for academic courses and for anyone looking for a good introduction to network security.


Kaufman, Charlie, Radia Perlman and Mike Spencer.
Network Security: Private Communication in a PUBLIC World.
Prentice-Hall PTR. 1995. 504 pages.
Bibliography (143 entries), glossary, index.
ISBN 0-13-061466-1. $48.

Network Security is another textbook for the security aware individual. It is divided into four main topics, Cryptography, Authentication, Electronic Mail and Leftovers. While covering the topics properly, it aims to educate the reader more about how the communications work with the math included when necessary instead of by default. The discussions of procedures with the math are included in the text and not as appendices. The Leftovers are interesting tidbits such as Lotus Notes, Microsoft, DCE and Clipper. This book brings out issues in addition to explanations, for example, the question of whether to publish cryptographic algorithms so that even the bad guys can see them, and the controversy over how many bits should be allowed for export.

The introductory chapter presents network basics, firewalls, key escrow and the military model of security. The section on cryptography goes into the basic definitions, secret key cryptography, hashing and message digests, public keys and number theory. There are homework problems at the end of each chapter. Since so many subtopics are covered, some of them are covered rather quickly.

The section on authentication covers authentication of systems and people, handshake pitfalls and Kerberos. The Kerberos chapters are slightly than might be expected in a survey work like this, compared to other topics, but the detail is certainly welcome. Both Kerberos4 and Kerberos5 are included.

Electronic mail is the last major section with chapters on email security, PEM, PGP, and X.400. These are good introductions if you did not know what any of these are or you wanted to see some of the underlying message and object formats. These are mainly definitions of the structures and ideas, but not a user's view of how to make them work.

This book, too, is useful for academic courses and for anyone looking for a good introduction to network security.


Comparison

Comparing Stallings and Kaufman first demands a disclaimer. The books are more complementary than competitive, in spite of the fact they both cover the same general area. Each has a different approach, each gives different weights to the same topics and each includes topics the other does not.

Some of the more notable comparisons, for example, the Stallings book is about 10% shorter than the Kaufman book and seems to have more illustrations. Stallings has more items in the bibliography (183 vs. 143), and surprisingly, the overlap is not very large between the two. The Kaufman glossary has over 200 items with acronyms within it, while Stallings has over 50 items plus about 30 acronyms in a separate list. The overlap is again a smaller set than expected. The biggest difference is in the amount of attention Kerberos receives, four times greater in Kaufman.

Stallings is geared towards algorithm description, hence more math, and Kaufman uses the Alice&Bob approach to explain topics. Kaufman has afforded space to issues such as key escrow and other legal problems. Kaufman covers MD with more history than Stallings which only covers MD4 and MD5. Kaufman does not cover differential and linear cryptanalysis which Stallings includes in the DES section, but Kaufman covers IDEA with DES, Stallings does not.

Stallings covers LUC, Kaufman does not, but Kaufman covers El Gamal, and Stallings does not. Diffie-Hellman is more treated more in depth in Stallings. Kerberos, PGP and PEM get whole chapters in Kaufman, but Stallings has only sections. However, PGP in Kaufman has only two thirds the number of pages that Stallings has. PEM gets over forty pages in Kaufman, Stallings only gives it twenty. Kaufman also has a three page comparison of PEM, PGP and X.400.

Both cover number theory, Euclid and Euler and give good surveys of cryptography. Stallings devotes more attention to primes than Kaufman, and is a little more readable, but he does not cover the Chinese Remainder as does Kaufman. Kaufman includes the number theory discussion in the text of the chapter instead of in an appendix as does Stallings. Finding big primes is given some more attention in the discussion of RSA in Kaufman.

Except where a topic is given only brief attention, for example, the birthday attack in Kaufman is only a side bar, whereas Stallings gives it five pages, the explanations are pretty much equally good. Individual preference would probably determine which approach is more easily read and understood, but neither book should be criticized for technical reasons. Both should be considered for additions to your bookshelf.