Experienced security practitioners and cryptography researchers will benefit from reading this book. The author accurately states in the preface: “Lack of widespread appreciation of the scope of symmetric cryptography has led to the unwarranted use of expensive asymmetric cryptography in situations where symmetric cryptography is adequate.” The broad topics covered by the book include key distribution techniques and message digest construction for dynamic databases.
Although a review of pseudorandom functions (PRFs) is provided in chapter 1, the novice reader will not be able to learn much from the chapter without referring to other primers on the topic. The author highlights the common constructions that use PRFs in chapter 2. Consequently, the remainder of the book is slightly easier to comprehend. The author clearly classifies different techniques for key distribution in chapter 3. Separate sections summarize both online and offline key distribution schemes. Three separate modified Leighton-Micali (MLS) key distribution schemes are also studied, and a comparative analysis is provided.
The readership will benefit significantly from the in-depth analysis of the MLS scheme when applied to the domain name system (DNS) protocol (chapter 4). Several protocols and techniques for securing the DNS, including DNSSEC, MLS for DNS security, and TCB-DNS, are analyzed. In addition, practical considerations associated with deployment of the above are defined and elaborated upon. The scalability of the key distribution schemes, highlighted earlier, is analyzed in chapters 5 and 6. In particular, key predistribution schemes are studied, compared, and contrasted, with the author clearly highlighting the superiority of probabilistic key predistribution over the other schemes. When the schemes for key predistribution are non-scalable, extensions such as parallel Leighton-Micali (PLM) and subset keys and identity tickets (SKIT) are proposed as possible solutions, in chapter 6.
Key predistribution for tamper-responsive platforms is analyzed in detail in chapter 7. Though the author highlights the superiority of the parallel basic key (PBK) predistribution scheme over SKIT and MLS, readers will find the comparative analysis to be thorough and enlightening.
Techniques for sustaining sharing of secret keys between several users (one-to-many or many-to-many), to facilitate broadcast encryption, are reported in chapter 8. The application of probabilistic key predistribution systems for broadcast encryption in publish-subscribe models is highlighted in section 8.6. The clearly written comparative analysis of probabilistic key predistribution for broadcast encryption (PKPS-BE) and T-BE for such systems should help readers better appreciate the capabilities of these schemes in securing diverse application scenarios.
A study on authenticated data structures and their significance for securing a database within untrusted database servers is provided in chapter 9. Merkle trees, ordered Merkle trees, and infrastructural requirements for sustenance of trust in databases are outlined in the chapter.
Chapter 10 provides a holistic view of system security. The process for securing a system, along with the fundamental elements comprising it, is analyzed by the author. In addition, the Trusted Computing Group (TCG) has been studied as a trusted platform module, with its pitfalls clearly highlighted for readers to appreciate. The TrInc specification for hardware module design and the role of virtual counters are also analyzed in the chapter. In-depth analyses of credential management modules (CMM) and credential transaction models for representative systems are also provided.
Overall, the book provides a thorough analysis of key distribution and predistribution techniques, alongside pertinent applications. I would recommend this book as an advanced-level resource on symmetric cryptography and its application to diverse application scenarios.