Customer Reviews

Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy

5 star:		(3)
4 star:		(1)
3 star:		(0)
2 star:		(1)
1 star:		(0)

 

 

Although highly technical, the book really addresses a worsening social problem: trust and privacy. When I need to provide proof that I'm over 21, for example, I may present a driver's license. That can confirm that I'm over 21, certainly. It will also release my exact age and birth date (very different questions), as well as my name, address, license number, and whether I need glasses! The store certainly has a right to know that I am of legal age for some purchase, with a certificate at least as trustworthy as my driver's license. The rest of the information is irrelevant, but can expose me to a lot of unwanted attention, even real danger. I must, however, present all of it or none.

We really can have it both ways. Brands' protocols can give that seller the information needed - am I at least 21 - with extreme certainty. The protocol will release ONLY that information, however - not my exact age, address, or the rest. If I want to release my address, too, I can do that without releasing my driver's license number. The "infrastructure" in Brands' title is the set of mechanisms make this possible. It uses modern cryptography to create the required level of trust. It also uses Brands' techniques to let the owner of information control how it is released.

Brands has given clearer and more detailed meanings of personal privacy that I would ever dreamed exist. He then shows how mathematical techniques can protect each facet of privacy, while releasing all the information I must for living in a modern world. The text is quite mathematical - enough for the dedicated reader to implement any of the protocols described. It is possible, however, to skip past the math. What's left is an excellent discussion of living a safe and dignified life in a society of information.

Rethinking Public Key Infrastructures and Digital Certificates is Brand's Ph.D. thesis.

The book is a fascinating overview of the cryptography and underpinnings of PKI. Brand's focuses more on PKI from the perspective of privacy, as opposed to authentication and confidentiality.

Brand's has come up with a number of new cryptographic communication techniques that can enable applications to limit the information provided to other parties. This is hugely crucial in that information leakage is a huge threat to personal privacy.

This book is a good complement to Schneier's Applied Cryptography ...

Either way, Rethinking Public Key Infrastructures and Digital Certificates is an original and innovative look at how to use PKI to enhance personal privacy and is highly recommended for anyone attempting to use PKI within their technology infrastructure.

This is an excellent book in that it is the only one I know, where the process of building advanced cryptographic protocols is explained step by step. Most other books simply throw out the protocols, as if the designers had conceived them through divine inspiration, and were to be used as cookbook recipies.
True, it is not a reference book, you can not simply pick a chapter and expect to understand what Dr. Brands is talking about. You have to read it sequentially.
However, if you have taken an undergraduate course in cryptography, you will recognize the basic problems and algorithms that are used, RSA and the discrete logarithm problem date back to the birth of public key cryptography in the 70s, the rest is the result of years and years of research, most of it concluded and published before 1997, after being thoroughly reviewed by many of the great names in cryptography research.
As an other reviewer has noted, this is not a cookbook with recipies for programmers, and neither is it a book for beginners.
You do not have to be a mathematician or a grad student to understand it, but you do need a solid understanding of public key cryptography and digital signatures.

The book is a graduate-level mathematics dissertation for non-standard, unproven cryptographic techniques. Unless you have advanced cryptographic mathematical skills you won't understand the book. And even more important, you won't be able to verify that the unproven, unorthodox cryptographic techniques shown in the book actually work in the real world.

This book is not for computer programmers. It contains no code - no examples; no framework; no implementation. After extensive searching on the Internet, I could find no implementation of any of Stephen's proprietary algorithms he presents in the book. The book contains only mathematic formulas - which would be extremely challenging to implement in code correctly. Further, none of the algorithms can be implemented using standard cryptographic algorithms - they have to be implemented from scratch! Also, Stephen has patented many, if not all, of his cryptographic techniques - so you might not be able to use them even if you wanted to.

Lastly, the author, Stephen Brands, has completely vanished out of public life since he wrote this book. He has not published anything, anywhere. None of his cryptographic techniques have been implemented - even though he went to work for a software company in Canada which was granted rights to his patents. Some programmers have done residency work with Stephen on cryptographic projects at this company, but none of this work has been made commercial. The very fact that Stephen has been unable to produce any commercial application of this work, shows that something is wrong somewhere.

If someone with the proper mathematical skills can verify that Stephen proprietary cryptographic algorithms are correct; and that they can provide privacy and security; and they can implement them in real code that can be tested and verified secure; and they are not protected by patents; then I would be very interested in this product!

Healthy scepticism and constructive criticism are a good thing. But they can be taken too far, and some of Mike Bowers' comments (see his review dated August 2, 2004) are not fair. This book is a PhD thesis in cryptographic mathematics--it is not, and never claims to be, a manual of computer programming techniques. No book, no thing can be all things to all people.

Creating innovative products of real value is an extremely challenging task, and requires a great deal of talent, resources, and years of focused effort. Stefan Brands has produced highly original and groundbreaking theoretical work in the area of cryptography, and his credentials are impeccable, as you will discover when you research the reviews of Brands' work by world-leading cryptographers such as Bruce Schneier.

That alone is an achievement worthy of respect. But Brands has gone further: he has founded a company, Credentica, and has turned his theoretical breakthroughs into practical commercial technology. That puts him in a rare class of gifted creators who have succeeded both as theoretical pioneers and as entrepreneurs.

If our societies are able to preserve both privacy and security in an increasingly electronic, online world with determined and well-resourced criminal attackers, then Brands will be one of the trailblazers (along with Phil Zimmerman) who we have to thank.