Cryptography and Network Security: Principles and Practice (3rd Edition)

By William Stallings

Product Description

For one-semester, undergraduate/graduate level courses in Cryptography, Computer Security, and Network Security. Best-selling author and four-time winner of the TEXTY award for the best Computer Science and Engineering text, William Stallings provides a practical survey of both the principles and practice of cryptography and network security. This text, which won the 1999 TAA Award for the best computer science and engineering textbook of the year, has been completely updated to reflect the latest developments in the field. It has also been extensively reorganized to provide the optimal sequence for classroom instruction and self-study.


Product Details

  • Amazon Sales Rank: #745139 in Books
  • Published on: 2002-08-27
  • Original language: English
  • Number of items: 1
  • Binding: Hardcover
  • 696 pages

Editorial Reviews

From the Back Cover

William Stallings' book provides comprehensive and completely up-to-date coverage of computer organization and architecture including memory, I/O, and parallel systems. The text covers leading-edge areas, including superscalar design, IA-64 design features, and parallel processor organization trends. It meets students' needs by addressing both the fundamental principles as well as the critical role of performance in driving computer design. Providing an unparalleled degree of instructor and student support, including supplements and on-line resources through the book's website, the sixth edition is in the forefront in its field.

New Material

  • IA-64/Itanium architecture: The chapter-length description and analysis includes predicated execution and speculative loading.
  • Cache memory: The new edition devotes an entire chapter to this central element in the design of high-performance processors.
  • Optical memory: Coverage is expanded and updated.
  • Advanced DRAM architecture: More material has been added to cover this topic, including an updated discussion of SDRAM and RDRAM.
  • SMPs, clusters, and NUMA systems: The chapter on parallel organization has been expanded and updated.
  • Expanded instructor support: The book now provides extensive support for projects with its new website.
  • Pedagogy: Each chapter now includes a list of review questions (as well as homework problems) and a list of key words.

Distinguishing Treatment

  • Bus organization: detailed treatment and evaluation of key design issues.
  • RISC: broad, unified presentation
  • Microprogrammed implementation: full treatment for a firm grasp
  • I/O functions and structures: full coverage, including interaction of I/O modules with the outside world and the CPU.
  • Pedagogical Features

    • Running examples: Provides numerous concrete examples, especially Pentium 4 and Power PC G4
    • Unified instructional approach: Enables student to evaluate instruction set design issues.
    • Instructors Resource CD-ROM: Includes solutions to homework problems, list of research projects, and list of simulation projects, plus student manual for both SimpleScalar and SMPCache, and a list of suggested reading assignments.

    About the Author

    William Stallings has made a unique contribution to understanding the broad sweep of technical developments in computer networking and computer architecture. He has authored 18 titles, and counting revised editions, a total of 48 books on various aspects of this subject. He has won the annual Text and Academic Authors Association award five times for the best computer science and engineering text. He is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions. He maintains the Computer Science Technical Resource site at http://www.WilliamStallings.com/StudentSupport.html. Dr. Stallings holds a Ph.D. degree in Computer Science from M.I.T. All of his Prentice Hall titles can be found at the Prentice Hall web site http://www.prenhall.com/stallings.

    Excerpt. © Reprinted by permission. All rights reserved.
    PREFACE

    "The tie, if I might suggest it, sir, a shade more tightly knotted. One aims at the perfect butterfly effect. If you will permit me—"

    "What does it matter, Jeeves, at a time like this? Do you realize that Mr. Little's domestic happiness is hanging in the scale?"
    "There is no time, sir, at which ties do not matter."

    Very Good Jeeves! P. G. Wodehouse

    In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. Two trends have come together to make the topic of this book of vital interest. First, the explosive growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This, in turn, has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network-based attacks. Second, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security.

    OBJECTIVES

    It is the purpose of this book to provide a practical survey of both the principles and practice of cryptography and network security. In the first two parts of the book, the basic issues to be addressed by a network security capability are explored by providing a tutorial and survey of cryptography and network security technology. The latter part of the book deals with the practice of network security: practical applications that have been implemented and are in use to provide network security.

    The subject, and therefore this book, draws on a variety of disciplines. In particular, it is impossible to appreciate the significance of some of the techniques discussed in this book without a basic understanding of number theory and some results from probability theory. Nevertheless, an attempt has been made to make the book self-contained. The book presents not only the basic mathematical results that are needed but provides the reader with an intuitive understanding of those results. Such background material is introduced as needed. This approach helps to motivate the material that is introduced, and the author considers this preferable to simply presenting all of the mathematical material in a lump at the beginning of the book.

    INTENDED AUDIENCE

    The book is intended for both an academic and a professional audience. As a textbook, it is intended as a one-semester undergraduate course in cryptography and network security for computer science, computer engineering, and electrical engineering majors. The book also serves as a basic reference volume and is suitable for self-study.

    PLAN OF THE BOOK

    The book is organized in four parts:

    Part One. Conventional Encryption: A detailed examination of conventional encryption algorithms and design principles, including a discussion of the use of conventional encryption for confidentiality.

    Part Two. Public-Key Encryption and Hash Functions: A detailed examination of public-key encryption algorithms and design principles. This part also examines the use of message authentication codes and hash functions, as well as digital signatures and public-key certificates.

    Part Three. Network Security Practice: Covers important network security tools and applications, including Kerberos, X.509v3 certificates, PGP, S/MIME, IP Security, SSL/TLS, and SET.

    Part Four. System Security: Looks at system-level security issues, including the threat of and countermeasures for intruders and viruses, and the use of firewalls and trusted systems.

    In addition, the book includes an extensive glossary, a list of frequently used acronyms, and a bibliography. Each chapter includes homework problems, review questions, a list of key words, suggestions for further reading, and recommended Web sites.

    A more detailed, chapter-by-chapter summary of each part appears at the beginning of that part.

    INTERNET SERVICES FOR INSTRUCTORS AND STUDENTS

    There is a Web page for this book that provides support for students and instructors. The site includes links to other relevant sites, copies of the figures and tables from the book in PDF (Adobe Acrobat) format, and sign-up information for the book's Internet mailing list. The Web page is at WilliamStallings.com/Crypto3e.html. An Internet mailing list has been set up so that instructors using this book can exchange information, suggestions, and questions with each other and with the author. As soon as typos or other errors are discovered, an errata list for this book will be available at WilliamStallings.com. In addition, the Computer Science Student Resource site, at WilliamStallings.com/StudentSupport.html, provides documents, information, and useful links for computer science students and professionals.

    PROJECTS FOR TEACHING CRYPTOGRAPHY AND NETWORK SECURITY

    For many instructors, an important component of a cryptography or security course is a project or set of projects by which the student gets hands-on experience to reinforce concepts from the text. This book provides an unparalleled degree of support for including a projects component in the course. The instructor's manual not only includes guidance on how to assign and structure the projects, but also includes a set of suggested projects that covers a broad range of topics from the text:

    • Research Projects: A series of research assignments that instruct the student to research a particular topic on the Internet and write a report
    • Programming Projects: A series of programming projects that cover a broad range of topics and that can be implemented in any suitable language on any platform
    • Reading/Report Assignments: A list of papers in the literature, one for each chapter, that can be assigned for the student to read and then write a short report

    See Appendix B for details.

    WHAT'S NEW IN THE THIRD EDITION

    In the four years since the second edition of this book was published, the field has seen continued innovations and improvements. In this new edition, I try to capture these changes while maintaining a broad and comprehensive coverage of the entire field. To begin this process of revision, the second edition was extensively reviewed by a number of professors who teach the subject. In addition, a number of professionals working in the field reviewed individual chapters. The result is that, in many places, the narrative has been clarified and tightened, and illustrations have been improved. Also, a number of new "field-tested" problems have been added.

    Beyond these refinements to improve pedagogy and user friendliness, there have been major substantive changes throughout the book. Highlights include the following:

    • New—Advanced Encryption Standard: The most important event in this field in the past four years is the adoption of the Advanced Encryption Standard (AES). This conventional encryption algorithm is designed to replace DES and triple DES and is likely to soon become the most widely used conventional encryption algorithm. A detailed discussion of AES has been added.
    • New—Finite Fields: Both AES and elliptic curve cryptography rely on the use of finite fields. A new chapter provides a clear, succinct description of the necessary concepts in this area.
    • New—RC4: RC4 is the most widely used stream cipher. It is part of the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between web browsers and servers. It is also used in the WEP (Wired Equivalent Privacy) protocol that is part of the IEEE 802.11 wireless LAN standard.
    • New—CTR Mode: NIST has recently approved the counter (CTR) mode for block cipher encryption, intended for high-speed applications.
    • Expanded—Treatment of Elliptic Curve Cryptography: ECC is a public-key technique that is becoming increasingly important and widespread. Reflecting this, the coverage of ECC has been expanded considerably.


    Customer Reviews

    Solid coverage for professionals, students and instructors (rating: 5)
    This book is intended to serve both as a textbook for an academic course of study, and as a self-study and reference guide for practicing professionals. The material has been extended to emphasize encryption and its central position in network protection. The structure and flow have been reorganized with both classroom use and solo instruction in mind, and additional teaching material, such as additional problems, has been added.

    Chapter one is an introduction to the topics to be covered. In a practical way it outlines the concerns involved in the phrase computer security, and the priorities occasioned by the networked nature of modern computing. There is also an outline of the chapters and sequence in the rest of the book. While the text does note that cryptographic techniques underlie most of current security technologies, this is only done briefly. Examples in the major categories listed would help explain this primary position.

    Part one deals with conventional, symmetric, encryption and the various methods of attacking it. Chapter two covers the historical substitution and transposition ciphers. Symmetric block ciphers are discussed in chapter three, illustrated by an explanation of DES (Data Encryption Standard). The additional conventional algorithms of triple DES, IDEA (International Data Encryption Algorithm), and RC5 are reviewed in chapter four. The use of conventional encryption for confidentiality is outlined in chapter five.

    Part three looks at public-key encryption and hash functions. Chapter six introduces public-key encryption and its uses in confidentiality, authentication, and key management and exchange. Number theory is the basis of these modern algorithms, so some basic mathematical concepts are outlined in chapter seven. Digital signatures and message authentication are introduced in some detail in chapter eight. The algorithms themselves are explained in chapter nine, including MD5 (Message Digest algorithm), SHA (Secure Hash Algorithm), and others. Protocols using digital signatures are described in chapter ten.

    Part three takes this background material and relates its use in security practice. Chapter eleven looks at authentication, concentrating on Kerberos and X.509. The examples of e-mail security systems given in chapter twelve are PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extension). Security provisions for the Internet Protocol (IP) itself are reviewed in chapter thirteen. Web security, in chapter fourteen, again concentrates on protocol level matters, but also discusses the SET (Secure Electronic Transaction) standard at the application level.

    Part four outlines general system security. To the general public the primary concern of security is to deal with intruders and malicious software, so it may seem odd to the uninitiated to find that both of these subjects are lumped together in chapter fifteen. Chapter sixteen finishes off the book with a description of firewalls and the concept of trusted systems that they rely on.

    Each chapter ends with a set of recommended readings and problems. Many chapters also have appendices giving additional details of specific topics related to the subject just discussed.

    Meat and Potatoes (rating: 5)
    This review is for the 3rd edition -
    I'm not a cryptographer by any means. I've owned Applied Cryptography (AC) for 4 years. It's been quite helpful but leans farther into theory (not covered in it) than I was willing or able to research at the time. I often found myself needing to refer to other resources over the years. I purchased this book after thumbing through it a few times at the bookstore. I'm not one to run out and spend $80 on a book in haste. After a couple of collective hours in it at the store I bought it with the intention of returning it in the 30 allotted days for a full refund. That date comes tomorrow and I have no intention of returning it.

    I would describe it as a self-contained reference. It covers cryptography principles and practices as the title implies. When discussing the algorithms it covers them with roughly the same notation and detail as AC. However, I found the explained examples to be clearer. When I found myself getting lost I took the text's advice and referred to the chapters on mathematics and number theory. Not only did it clear the fog, it also bit me with the math bug, leading me to buy another great book, Prime Obsession (nothing to do with crypto). I should mention that this book is void of code. I didn't find this to be a problem because if I'm not using a crypto lib I usually have to implement the crypto code from scratch. With the knowledge presented in this book I can do it better. FYI: The OpenSSL lib offers a bunch of implemented algorithms.

    The all in one overview (rating: 5)
    As CTO of an internet security company I am often required to locate information or explain concepts to people regarding network security and the Public Key Infrastructure. Having a ready reference with excellent drawings has made the communication of key concepts easy. For details of implementations, I send the engineers to Applied Cryptography, but for the overview of the Net protocols, I bought everyone in the company this book.