Book Reviews: Information Security Books and Product Reviews – Cryptography Engineering

Book Title: Cryptography Engineering

Subtitle: Design Principles and Practical Applications

Author(s): Niels Ferguson, Bruce Schneier, Tadayoshi Kohno

Publisher: John Wiley & Sons

Date of Publishing: 5 Mar 2010

ISBN(13): 9780470474242

Price (UK & US price – full price, not discounted price): £36.99, $34.65

URL of Amazon UK web page: Cryptography Engineering: Design Principles and Practical Applications

URL of Amazon UK (Kindle) web page: Cryptography Engineering: Design Principles and Practical Applications

URL of Amazon US web page: Cryptography Engineering: Design Principles and Practical Applications

URL of Amazon US (Kindle) web page: Cryptography Engineering: Design Principles and Practical Applications

Cryptography Engineering is an updated version of “Practical Cryptography,” originally published in 2003 by Niels Ferguson and Bruce Schneier. It has been updated so that it is now suitable for self-study and classroom training; in effect, this is the second edition of Practical Cryptography. Cryptography Engineering is intended to provide advice to those designing and implementing cryptographic systems. As such, it provides an introduction to cryptography, the application of cryptography, and finally its implementation.

The book spans just 384 pages split across five parts and 23 chapters, and it’s certainly not as big as some of the other mighty “tomes” that have been written on this subject. The first part introduces the reader to cryptography, emphasizing in particular that security is only as strong as the weakest link: one can use the strongest cryptographic algorithms, but if they are implemented incorrectly they can introduce weak links into a system.

The second part consists of six chapters and introduces the reader to a number of cryptographic algorithms. Chapters three and four compare and review various existing block ciphers, their modes of operation, and attacks against some of these specific modes. Hash functions are explained and compared in chapter five, while chapter six extends the concept of hashes to message authentication codes. Chapter seven looks at real-world problems and how the algorithms previously defined can be used to create secure channels.

Part three takes a look at key negotiation and has chapters explaining both RSA and Diffie-Hellman. However, the first chapter in this part looks at the problems of generating random numbers. Chapter 14 considers key negotiation, having previously described some of the building blocks, and the final chapter in this part looks at implementation issues.

Next the authors look at key management and the various approaches to the problems therein. Chapter 16 discusses the use (and risks of using) clocks and time in cryptosystems, followed by a quick introduction to PKI (Public Key Infrastructure) in chapter 18. Next, chapters 19 and 20 consider the practicalities and realities of implementing PKI, highlighting problems and shortfalls. Storing secrets, important for key and password security, is discussed in chapter 21. The final part (four) contains miscellaneous topics, including the use of standards and the need for involving experts.

This book is certainly not just another ‘introduction’ to cryptography. The content is for those involved in the detailed implementation of cryptosystems, and because of this, the book is rooted in mathematical implementations of algorithms. However, anyone wishing to understand the complexities of implementing a crypto system should become familiar with this aspect of cryptography – and as such, should buy this book. Highly recommended.

Whilst there are more complete books on cryptography, especially in terms of the basics, Cryptography Engineering comes highly recommended. Anyone wishing to implement a product or application that uses cryptography should certainly buy a copy.

Marks: 5 out of 5
*****